[Git][security-tracker-team/security-tracker][master] Update the patch links for CVE-2021-27138 and CVE-2021-27097

Sun Jun 1 02:30:57 BST 2025


Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2e9c4f33 by Daniel Leidert at 2025-06-01T03:24:00+02:00
Update the patch links for CVE-2021-27138 and CVE-2021-27097

It seems that the list of patches was not complete. Also, b6f4c75 seems to be
some kind of merge commit including all changes of all the patches mentioned
for both CVEs.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -349887,9 +349887,9 @@ CVE-2021-27138 (The boot loader in Das U-Boot before 2021.04-rc2 mishandles use
 	[bullseye] - u-boot <no-dsa> (Minor issue)
 	[buster] - u-boot <no-dsa> (Minor issue)
 	[stretch] - u-boot <postponed> (Minor issue; can be fixed in next DLA)
-	NOTE: https://github.com/u-boot/u-boot/commit/3f04db891a353f4b127ed57279279f851c6b4917
 	NOTE: https://github.com/u-boot/u-boot/commit/79af75f7776fc20b0d7eb6afe1e27c00fdb4b9b4
-	NOTE: https://github.com/u-boot/u-boot/commit/b6f4c757959f8850e1299a77c8e5713da78e8ec0
+	NOTE: https://github.com/u-boot/u-boot/commit/3f04db891a353f4b127ed57279279f851c6b4917
+	NOTE: https://github.com/u-boot/u-boot/commit/b6f4c757959f8850e1299a77c8e5713da78e8ec0 (full changeset incl. CVE-2021-27097)
 CVE-2021-27137
 	RESERVED
 CVE-2021-27136
@@ -349988,9 +349988,11 @@ CVE-2021-27097 (The boot loader in Das U-Boot before 2021.04-rc2 mishandles a mo
 	[bullseye] - u-boot <no-dsa> (Minor issue)
 	[buster] - u-boot <no-dsa> (Minor issue)
 	[stretch] - u-boot <postponed> (Minor issue; can be fixed in next DLA)
-	NOTE: https://github.com/u-boot/u-boot/commit/6f3c2d8aa5e6cbd80b5e869bbbddecb66c329d01
 	NOTE: https://github.com/u-boot/u-boot/commit/8a7d4cf9820ea16fabd25a6379351b4dc291204b
-	NOTE: https://github.com/u-boot/u-boot/commit/b6f4c757959f8850e1299a77c8e5713da78e8ec0
+	NOTE: https://github.com/u-boot/u-boot/commit/6f3c2d8aa5e6cbd80b5e869bbbddecb66c329d01
+	NOTE: https://github.com/u-boot/u-boot/commit/c5819701a3de61e2ba2ef7ad0b616565b32305e5
+	NOTE: https://github.com/u-boot/u-boot/commit/124c255731c76a2b09587378b2bcce561bcd3f2d
+	NOTE: https://github.com/u-boot/u-boot/commit/b6f4c757959f8850e1299a77c8e5713da78e8ec0 (full changeset incl. CVE-2021-27138)
 CVE-2021-27096 (NTFS Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2021-27095 (Windows Media Video Decoder Remote Code Execution Vulnerability)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e9c4f333707c8b653d123e0708affdacd86fdeb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e9c4f333707c8b653d123e0708affdacd86fdeb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250601/4632b806/attachment.htm>
