[Git][security-tracker-team/security-tracker][master] Mark CVE-2025-2486/edk2 as postponed for bullseye

Sun Dec 7 13:58:38 GMT 2025


Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
704c9455 by Utkarsh Gupta at 2025-12-07T19:28:15+05:30
Mark CVE-2025-2486/edk2 as postponed for bullseye

...and a possible regression caution

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2529,9 +2529,12 @@ CVE-2025-3747
 CVE-2025-2486 (The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI S ...)
 	- edk2 2023.11-7
 	[bookworm] - edk2 2022.11-6+deb12u1
+	[bullseye] - edk2 <postponed> (Can be piggyback'd with future DLA but be careful about possible regression)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2101797
 	NOTE: To address CVE-2023-48733 in Debian a local patch disabled the built-in Shell
 	NOTE: when SecureBoot is enabled fixing CVE-2025-2486.
+	NOTE: Be cautious of possible regression when backporting patches to stable releases -
+	NOTE: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2101797/comments/9
 CVE-2025-26155 (NCP Secure Enterprise Client 13.18 and NCP Secure Entry Windows Client ...)
 	NOT-FOR-US: NCP
 CVE-2025-20373 (In Splunk Add-on for Palo Alto Networks versions below 2.0.2, the add- ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/704c9455a3d8a0eb6bc4b2d793647aa310134c66

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/704c9455a3d8a0eb6bc4b2d793647aa310134c66
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251207/d0f27c8a/attachment-0001.htm>
