[Git][security-tracker-team/security-tracker][master] 2 commits: Update CVE-2022-3287/fwupd - does not affect bullseye

Carlos Henrique Lima Melara (@charles) gitlab at salsa.debian.org
Wed Mar 26 02:12:50 GMT 2025 


Carlos Henrique Lima Melara pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c8981864 by Carlos Henrique Lima Melara at 2025-03-25T23:11:27-03:00
Update CVE-2022-3287/fwupd - does not affect bullseye

The code was introduced only on version 1.7.0, bullseye has 1.5.7. Also
add a NOTE field indicating the commit that introduces the vulnerable
code.

- - - - -
858d7aa6 by Carlos Henrique Lima Melara at 2025-03-25T23:11:32-03:00
lts: drop fwupd from dla-needed - bullseye is not affected by CVE-2022-3287

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -215657,9 +215657,10 @@ CVE-2022-3288 (A branch/tag name confusion in GitLab CE/EE affecting all version
 	- gitlab 15.10.8+ds1-2
 CVE-2022-3287 (When creating an OPERATOR user account on the BMC, the redfish plugin  ...)
 	- fwupd 1.8.5-1
-	[bullseye] - fwupd <no-dsa> (Minor issue)
+	[bullseye] - fwupd <not-affected> (Vulnerable code introduced in 1.7.0)
 	[buster] - fwupd <not-affected> (Vulnerable code introduced in 1.7.0)
-	NOTE: https://github.com/fwupd/fwupd/commit/ea676855f2119e36d433fbd2ed604039f53b2091 (1.8.5)
+	NOTE: Introduced by: https://github.com/fwupd/fwupd/commit/1210aa4ae7a8bddfe4d0071736c1285f17136faa (1.7.0)
+	NOTE: Fixed by: https://github.com/fwupd/fwupd/commit/ea676855f2119e36d433fbd2ed604039f53b2091 (1.8.5)
 CVE-2022-3286 (Lack of IP address checking in GitLab EE affecting all versions from 1 ...)
 	- gitlab <not-affected> (Only affects Gitlab EE)
 CVE-2022-3285 (Bypass of healthcheck endpoint allow list affecting all versions from  ...)


=====================================
data/dla-needed.txt
=====================================
@@ -101,9 +101,6 @@ freeimage
 freetype (Adrian Bunk)
   NOTE: 20250313: Added by Front-Desk (lamby)
 --
-fwupd
-  NOTE: 20250217: Added by Front-Desk (Beuc)
---
 ghostscript (Adrian Bunk)
   NOTE: 20250321: Added by Front-Desk (pochu)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/444e2cc63923332c84b4cf2e5f37bc3ba98c28bf...858d7aa60301f9097a0d5dffe377ec8cf0c4dea0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/444e2cc63923332c84b4cf2e5f37bc3ba98c28bf...858d7aa60301f9097a0d5dffe377ec8cf0c4dea0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250326/f34c77dd/attachment.htm>

More information about the debian-security-tracker-commits mailing list