[Git][security-tracker-team/security-tracker][master] Add new set of u-boot issues

Tue Feb 18 07:01:15 GMT 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cb131317 by Salvatore Bonaccorso at 2025-02-18T08:00:48+01:00
Add new set of u-boot issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2024-57259 [Heap corruption in U-Boot's SquashFS directory listing function]
+	- u-boot <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2025/02/17/2
+	NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/048d795bb5b3d9c5701b4855f5e74bcf6849bf5e (v2025.01-rc1)
+CVE-2024-57258 [Multiple integer overflows in U-Boot's memory allocator]
+	- u-boot <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2025/02/17/2
+	NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/0a10b49206a29b4aa2f80233a3e53ca0466bb0b3 (v2025.01-rc1)
+	NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/8642b2178d2c4002c99a0b69a845a48f2ae2706f (v2025.01-rc1)
+	NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/c17b2a05dd50a3ba437e6373093a0d6a359cdee0 (v2025.01-rc1)
+CVE-2024-57257 [Stack overflow in U-Boot's SquashFS symlink resolution function]
+	- u-boot <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2025/02/17/2
+	NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/4f5cc096bfd0a591f8a11e86999e3d90a9484c34 (v2025.01-rc1)
+CVE-2024-57256 [Integer overflow in U-Boot's ext4 symlink resolution function]
+	- u-boot <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2025/02/17/2
+	NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/35f75d2a46e5859138c83a75cd2f4141c5479ab9 (v2025.01-rc1)
+CVE-2024-57255 [Integer overflow in U-Boot's SquashFS symlink resolution function]
+	- u-boot <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2025/02/17/2
+	NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/233945eba63e24061dffeeaeb7cd6fe985278356 (v2025.01-rc1)
+CVE-2024-57254 [Integer overflow in U-Boot's SquashFS symlink size calculation function]
+	- u-boot <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2025/02/17/2
+	NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/c8e929e5758999933f9e905049ef2bf3fe6b140d (v2025.01-rc1)
 CVE-2024-57262
 	- barebox <itp> (bug #900958)
 CVE-2024-57261



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb1313173b16c2ad1ea00a941e8f82c65a990b7a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb1313173b16c2ad1ea00a941e8f82c65a990b7a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250218/7a3b21e9/attachment.htm>
