[Git][security-tracker-team/security-tracker][master] Track fixed version for arm-trusted-firmware issues via experimental
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jan 8 04:51:35 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
68e5634f by Salvatore Bonaccorso at 2025-01-08T05:50:56+01:00
Track fixed version for arm-trusted-firmware issues via experimental
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -48157,12 +48157,14 @@ CVE-2024-22020 (A security flaw in Node.js allows a bypass of network import re
CVE-2024-6580 (The /n software IPWorks SSH library SFTPServer component can be induce ...)
NOT-FOR-US: /n software IPWorks SSH library SFTPServer component
CVE-2024-6564 (Buffer overflow in "rcar_dev_init" due to using due to using untruste ...)
+ [experimental] - arm-trusted-firmware 2.12.0+dfsg-1
- arm-trusted-firmware <unfixed> (bug #1076042)
[bookworm] - arm-trusted-firmware <no-dsa> (Minor issue)
[bullseye] - arm-trusted-firmware <no-dsa> (Minor issue)
NOTE: https://github.com/renesas-rcar/arm-trusted-firmware/commit/c9fb3558410032d2660c7f3b7d4b87dec09fe2f2
NOTE: https://asrg.io/security-advisories/cve-2024-6564/
CVE-2024-6563 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...)
+ [experimental] - arm-trusted-firmware 2.12.0+dfsg-1
- arm-trusted-firmware <unfixed> (bug #1076042)
[bookworm] - arm-trusted-firmware <no-dsa> (Minor issue)
[bullseye] - arm-trusted-firmware <no-dsa> (Minor issue)
@@ -50670,11 +50672,13 @@ CVE-2024-6290 (Use after free in Dawn in Google Chrome prior to 126.0.6478.126 a
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-6287 (Incorrect Calculation vulnerability in Renesas arm-trusted-firmware al ...)
+ [experimental] - arm-trusted-firmware 2.12.0+dfsg-1
- arm-trusted-firmware <unfixed> (unimportant; bug #1074431)
NOTE: https://github.com/renesas-rcar/arm-trusted-firmware/commit/954d488a9798f8fda675c6b57c571b469b298f04
NOTE: https://asrg.io/security-advisories/cve-2024-6287-incorrect-address-range-calculations-in-renesas-rcar/
NOTE: Vulnerable targets not built in Debian
CVE-2024-6285 (Integer Underflow (Wrap or Wraparound) vulnerability in Renesas arm-tr ...)
+ [experimental] - arm-trusted-firmware 2.12.0+dfsg-1
- arm-trusted-firmware <unfixed> (unimportant; bug #1074431)
NOTE: https://github.com/renesas-rcar/arm-trusted-firmware/commit/b596f580637bae919b0ac3a5471422a1f756db3b
NOTE: https://asrg.io/security-advisories/cve-2024-6285-integer-underflow-in-memory-range-check-in-renesas-rcar/
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68e5634f485ec6c01b2836da5c95ff51b37010f9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68e5634f485ec6c01b2836da5c95ff51b37010f9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250108/9575d9ac/attachment.htm>
More information about the debian-security-tracker-commits
mailing list