[Git][security-tracker-team/security-tracker][master] Reserve DLA-4207-1 for edk2
Markus Koschany (@apo)
apo at debian.org
Mon Jun 2 13:46:54 BST 2025
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
679538a4 by Markus Koschany at 2025-06-02T14:46:42+02:00
Reserve DLA-4207-1 for edk2
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -106063,7 +106063,6 @@ CVE-2024-23847 (Incorrect default permissions issue exists in Unifier and Unifie
CVE-2024-1298 (EDK2 contains a vulnerability when S3 sleep is activated where an Atta ...)
- edk2 2024.05-1
[bookworm] - edk2 2022.11-6+deb12u2
- [bullseye] - edk2 <no-dsa> (Minor issue)
NOTE: https://github.com/tianocore/edk2/security/advisories/GHSA-chfw-xj8f-6m53
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=4677
NOTE: https://github.com/tianocore/edk2/pull/5659
@@ -147975,49 +147974,42 @@ CVE-2023-45236 (EDK2's Network Package is susceptible to a predictable TCP Initi
CVE-2023-45235 (EDK2's Network Package is susceptible to a buffer overflow vulnerabili ...)
- edk2 2023.11-6 (bug #1061256)
[bookworm] - edk2 2022.11-6+deb12u1
- [bullseye] - edk2 <no-dsa> (Minor issue)
[buster] - edk2 <no-dsa> (Minor issue)
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45234 (EDK2's Network Package is susceptible to a buffer overflow vulnerabili ...)
- edk2 2023.11-6 (bug #1061256)
[bookworm] - edk2 2022.11-6+deb12u1
- [bullseye] - edk2 <no-dsa> (Minor issue)
[buster] - edk2 <no-dsa> (Minor issue)
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45233 (EDK2's Network Package is susceptible to an infinite lop vulnerability ...)
- edk2 2023.11-6 (bug #1061256)
[bookworm] - edk2 2022.11-6+deb12u1
- [bullseye] - edk2 <no-dsa> (Minor issue)
[buster] - edk2 <no-dsa> (Minor issue)
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45232 (EDK2's Network Package is susceptible to an infinite loop vulnerabilit ...)
- edk2 2023.11-6 (bug #1061256)
[bookworm] - edk2 2022.11-6+deb12u1
- [bullseye] - edk2 <no-dsa> (Minor issue)
[buster] - edk2 <no-dsa> (Minor issue)
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45231 (EDK2's Network Package is susceptible to an out-of-bounds read vulner ...)
- edk2 2023.11-6 (bug #1061256)
[bookworm] - edk2 2022.11-6+deb12u1
- [bullseye] - edk2 <no-dsa> (Minor issue)
[buster] - edk2 <no-dsa> (Minor issue)
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45230 (EDK2's Network Package is susceptible to a buffer overflow vulnerabili ...)
- edk2 2023.11-6 (bug #1061256)
[bookworm] - edk2 2022.11-6+deb12u1
- [bullseye] - edk2 <no-dsa> (Minor issue)
[buster] - edk2 <no-dsa> (Minor issue)
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45229 (EDK2's Network Package is susceptible to an out-of-bounds read vulner ...)
- edk2 2023.11-6 (bug #1061256)
[bookworm] - edk2 2022.11-6+deb12u1
- [bullseye] - edk2 <no-dsa> (Minor issue)
[buster] - edk2 <no-dsa> (Minor issue)
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
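Review bot: CVE-2023-45236 is visible in this hunk's header context directly above CVE-2023-45235 but is left untouched, and the new data/DLA/list entry in this commit does not list it either, while the quarkslab NOTE URL on every entry here describes nine PixieFail vulnerabilities and this hunk drops the bullseye no-dsa tag for only seven (CVE-2023-45229 through CVE-2023-45235). Please confirm the remaining PixieFail CVEs are deliberately still no-dsa for bullseye rather than overlooked, and if so consider recording that on their entries.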
@@ -251546,7 +251538,6 @@ CVE-2022-36766
CVE-2022-36765 (EDK2 is susceptible to a vulnerability in the CreateHob() function, al ...)
- edk2 2023.11-5 (bug #1060408)
[bookworm] - edk2 2022.11-6+deb12u1
- [bullseye] - edk2 <no-dsa> (Minor issue)
[buster] - edk2 <no-dsa> (Minor issue)
NOTE: https://github.com/tianocore/edk2/security/advisories/GHSA-ch4w-v7m3-g8wx
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=4166
@@ -251554,7 +251545,6 @@ CVE-2022-36765 (EDK2 is susceptible to a vulnerability in the CreateHob() functi
CVE-2022-36764 (EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() fun ...)
- edk2 2023.11-5 (bug #1060408)
[bookworm] - edk2 2022.11-6+deb12u1
- [bullseye] - edk2 <no-dsa> (Minor issue)
[buster] - edk2 <no-dsa> (Minor issue)
NOTE: https://github.com/tianocore/edk2/security/advisories/GHSA-4hcq-p8q8-hj8j
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=4118
@@ -251562,7 +251552,6 @@ CVE-2022-36764 (EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage
CVE-2022-36763 (EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() fu ...)
- edk2 2023.11-5 (bug #1060408)
[bookworm] - edk2 2022.11-6+deb12u1
- [bullseye] - edk2 <no-dsa> (Minor issue)
[buster] - edk2 <no-dsa> (Minor issue)
NOTE: https://github.com/tianocore/edk2/security/advisories/GHSA-xvv8-66cq-prwr
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=4117
@@ -320505,7 +320494,6 @@ CVE-2021-38579
RESERVED
CVE-2021-38578 (Existing CommBuffer checks in SmmEntryPoint will not catch underflow w ...)
- edk2 2022.11-1 (bug #1014468)
- [bullseye] - edk2 <no-dsa> (Minor issue)
[buster] - edk2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=3387
NOTE: https://edk2.groups.io/g/devel/message/90516
@@ -320514,13 +320502,11 @@ CVE-2021-38577
REJECTED
CVE-2021-38576 (A BIOS bug in firmware for a particular PC model leaves the Platform a ...)
- edk2 2021.11-1 (bug #1014468)
- [bullseye] - edk2 <no-dsa> (Minor issue)
[buster] - edk2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=3499
NOTE: Fixed by https://github.com/tianocore/edk2/pull/1968
CVE-2021-38575 (NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.)
- edk2 2021.08-1
- [bullseye] - edk2 <no-dsa> (Minor issue)
[buster] - edk2 <no-dsa> (Minor issue)
[stretch] - edk2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=3356
@@ -347407,7 +347393,6 @@ CVE-2021-3436 (BT: Possible to overwrite an existing bond during keys distributi
NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2021-28216 (BootPerformanceTable pointer is read from an NVRAM variable in PEI. Re ...)
- edk2 2021.11~rc1-1
- [bullseye] - edk2 <no-dsa> (Minor issue)
[buster] - edk2 <no-dsa> (Minor issue)
[stretch] - edk2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2957
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[02 Jun 2025] DLA-4207-1 edk2 - security update
+ {CVE-2021-28216 CVE-2021-38575 CVE-2021-38576 CVE-2021-38578 CVE-2022-36763 CVE-2022-36764 CVE-2022-36765 CVE-2023-45229 CVE-2023-45230 CVE-2023-45231 CVE-2023-45232 CVE-2023-45233 CVE-2023-45234 CVE-2023-45235 CVE-2024-1298 CVE-2024-38796}
+ [bullseye] - edk2 2020.11-2+deb11u3
[02 Jun 2025] DLA-4206-1 asterisk - security update
{CVE-2025-47779 CVE-2025-47780}
[bullseye] - asterisk 1:16.28.0~dfsg-0+deb11u7
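Review bot: the CVE set of the new DLA-4207-1 entry includes CVE-2024-38796, but no hunk in data/CVE/list in this commit touches that CVE, whereas each of the other fifteen CVEs listed here has its `[bullseye] - edk2 <no-dsa> (Minor issue)` line removed. Check that the CVE-2024-38796 entry does not still carry a bullseye no-dsa tag, otherwise the tracker will keep showing it as unfixed in bullseye despite this DLA; also worth confirming that 2020.11-2+deb11u3 is the version actually uploaded.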
=====================================
data/dla-needed.txt
=====================================
@@ -80,13 +80,6 @@ dnsdist
NOTE: 20250521: Added by Front-Desk (Beuc)
NOTE: 20250521: Also fix postponed issue (Beuc/front-desk)
--
-edk2 (Markus Koschany)
- NOTE: 20240815: Added by Front-Desk (Beuc)
- NOTE: 20240815: bullseye did not get most of DSA 5624-1 security fixes,
- NOTE: 20240815: (10 ipv6-related, postponed CVEs), plus there are older postponed vulnerabilities (Beuc/front-desk)
- NOTE: 20241105: maintainer proposed opu debdiff for CVE-2024-38796 and CVE-2024-1298, https://bugs.debian.org/1086762 (santiago)
- NOTE: 20250511: WIP. I believe have addressed all remaining issues now. (apo)
---
epiphany-browser
NOTE: 20250429: Added by Front-Desk (lamby)
NOTE: 20250429: Changes the UI to prompt when opening URLs in external applications. (lamby)
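Review bot: the removed edk2 block's 20240815 note says bullseye missed ten postponed ipv6-related CVEs from DSA 5624-1, while the DLA-4207-1 entry added in this commit covers seven CVE-2023-4523x network-stack issues; the removed 20241105 note also pointed at the opu debdiff in https://bugs.debian.org/1086762 for CVE-2024-38796 and CVE-2024-1298. Since this entry disappears from dla-needed.txt, a short closing note (or NOTE lines on the CVE entries) stating which PixieFail CVEs were intentionally left unfixed in bullseye would keep that decision traceable.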
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/679538a43c49048a2ac59a887574c5ac3ed46461