[Git][security-tracker-team/security-tracker][master] Track fixes for edk2 via unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Feb 11 08:07:45 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4e4e97c0 by Salvatore Bonaccorso at 2024-02-11T09:06:30+01:00
Track fixes for edk2 via unstable
Note that does not cover all CVEs from #1061256 as only a subset was
indeed dovered. Two remain open: CVE-2023-45236 and CVE-2023-45237 so
far.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4857,43 +4857,43 @@ CVE-2023-45236 (EDK2's Network Package is susceptible to a predictable TCP Initi
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45235 (EDK2's Network Package is susceptible to a buffer overflow vulnerabili ...)
- - edk2 <unfixed> (bug #1061256)
+ - edk2 2023.11-6 (bug #1061256)
[bookworm] - edk2 <no-dsa> (Minor issue)
[bullseye] - edk2 <no-dsa> (Minor issue)
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45234 (EDK2's Network Package is susceptible to a buffer overflow vulnerabili ...)
- - edk2 <unfixed> (bug #1061256)
+ - edk2 2023.11-6 (bug #1061256)
[bookworm] - edk2 <no-dsa> (Minor issue)
[bullseye] - edk2 <no-dsa> (Minor issue)
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45233 (EDK2's Network Package is susceptible to an infinite lop vulnerability ...)
- - edk2 <unfixed> (bug #1061256)
+ - edk2 2023.11-6 (bug #1061256)
[bookworm] - edk2 <no-dsa> (Minor issue)
[bullseye] - edk2 <no-dsa> (Minor issue)
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45232 (EDK2's Network Package is susceptible to an infinite loop vulnerabilit ...)
- - edk2 <unfixed> (bug #1061256)
+ - edk2 2023.11-6 (bug #1061256)
[bookworm] - edk2 <no-dsa> (Minor issue)
[bullseye] - edk2 <no-dsa> (Minor issue)
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45231 (EDK2's Network Package is susceptible to an out-of-bounds read vulner ...)
- - edk2 <unfixed> (bug #1061256)
+ - edk2 2023.11-6 (bug #1061256)
[bookworm] - edk2 <no-dsa> (Minor issue)
[bullseye] - edk2 <no-dsa> (Minor issue)
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45230 (EDK2's Network Package is susceptible to a buffer overflow vulnerabili ...)
- - edk2 <unfixed> (bug #1061256)
+ - edk2 2023.11-6 (bug #1061256)
[bookworm] - edk2 <no-dsa> (Minor issue)
[bullseye] - edk2 <no-dsa> (Minor issue)
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45229 (EDK2's Network Package is susceptible to an out-of-bounds read vulner ...)
- - edk2 <unfixed> (bug #1061256)
+ - edk2 2023.11-6 (bug #1061256)
[bookworm] - edk2 <no-dsa> (Minor issue)
[bullseye] - edk2 <no-dsa> (Minor issue)
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e4e97c072640641fa2240f1c40a489d4eb2b83c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e4e97c072640641fa2240f1c40a489d4eb2b83c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240211/d33fda52/attachment.htm>
More information about the debian-security-tracker-commits
mailing list