[Git][security-tracker-team/security-tracker][master] dla: drop arm-trusted-firmware

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Sat Jun 21 08:38:56 BST 2025 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
72e6527d by Sylvain Beucler at 2025-06-21T09:38:25+02:00
dla: drop arm-trusted-firmware

No sponsors, no need to get ahead of bookworm

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -47438,6 +47438,7 @@ CVE-2024-8401 (CWE-79: Improper Neutralization of Input During Web Page Generati
 CVE-2024-7881 (An unprivileged context can trigger a data memory-dependent prefetch e ...)
 	- arm-trusted-firmware 2.12.1+dfsg-1
 	[bookworm] - arm-trusted-firmware <no-dsa> (Minor issue)
+	[bullseye] - arm-trusted-firmware <postponed> (Minor issue, follow bookworm)
 	NOTE: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881
 CVE-2024-6351 (A malformed packet can cause a buffer overflow in the NWK/APS layer of ...)
 	NOT-FOR-US: Ember ZNet
@@ -62351,6 +62352,7 @@ CVE-2024-7572 (Insufficient permissions in Ivanti DSM before version 2024.3.5740
 CVE-2024-5660 (Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 tran ...)
 	- arm-trusted-firmware 2.12.1+dfsg-1
 	[bookworm] - arm-trusted-firmware <no-dsa> (Minor issue)
+	[bullseye] - arm-trusted-firmware <postponed> (Minor issue, follow bookworm)
 	NOTE: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
 CVE-2024-55602 (PwnDoc is a penetration test report generator. Prior to commit 1d4219c ...)
 	NOT-FOR-US: PwnDoc


=====================================
data/dla-needed.txt
=====================================
@@ -45,9 +45,6 @@ ansible
   NOTE: 20241123: Made a partial release. only CVE-2024-11079 needed but more upstream backport work needed (rouca)
   NOTE: 20250422: Testing/bisecting will take more time, please keep it assigned to me (lee)
 --
-arm-trusted-firmware
-  NOTE: 20250303: Added by Front-Desk (rouca)
---
 bind9
   NOTE: 20250620: Added by coordinator (roberto)
   NOTE: 20250620: I have dug into CVE-2025-40775 and based on the description in the upstream



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72e6527dc37ea3e2e697057b3371a803287113ae

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72e6527dc37ea3e2e697057b3371a803287113ae
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250621/06654749/attachment.htm>

More information about the debian-security-tracker-commits mailing list