[Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-45512
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Aug 10 20:05:13 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
245f49d0 by Salvatore Bonaccorso at 2025-08-10T21:03:26+02:00
Update status for CVE-2025-45512
Not considered a security issue by upstream, ideally should be rejected.
Thanks: Vagrant Cascadian for reaching out to upstream and confirming
the status.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1131,7 +1131,8 @@ CVE-2025-46658 (An issue was discovered in ExonautWeb in 4C Strategies Exonaut 2
CVE-2025-45512 (A lack of signature verification in the bootloader of DENX Software En ...)
- u-boot <unfixed> (unimportant)
NOTE: https://github.com/AzhariRamadhan/CVE-2025-45512
- NOTE: Disputable security impact; rely on system level access to bootloader
+ NOTE: Disputable security impact and not considered a security issue by upstream;
+ NOTE: relies on system level access to bootloader for exploitation.
CVE-2025-44964 (A lack of SSL certificate validation in BlueStacks v5.20 allows attack ...)
NOT-FOR-US: BlueStacks
CVE-2025-43980 (An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/245f49d08a16b28fadd278813ed3c21da9524abf
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/245f49d08a16b28fadd278813ed3c21da9524abf
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250810/a74645d3/attachment.htm>
More information about the debian-security-tracker-commits
mailing list