[Git][security-tracker-team/security-tracker][master] Add entry for DLA-4150-1/uboot
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 1 06:02:07 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1a11e655 by Salvatore Bonaccorso at 2025-05-01T07:01:22+02:00
Add entry for DLA-4150-1/uboot
Daniel Leidert, please do double-check correctness.
- - - - -
2 changed files:
- data/CVE/list
- data/DLA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -244480,7 +244480,6 @@ CVE-2022-2348
CVE-2022-2347 (There exists an unchecked length field in UBoot. The U-Boot DFU implem ...)
[experimental] - u-boot 2023.01~rc2+dfsg-1
- u-boot 2023.01~rc4+dfsg-2 (bug #1014959)
- [bullseye] - u-boot <no-dsa> (Minor issue)
[buster] - u-boot <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/07/08/2
NOTE: https://source.denx.de/u-boot/u-boot/-/commit/fbce985e28eaca3af82afecc11961aadaf971a7e (v2023.01-rc2)
@@ -246148,7 +246147,6 @@ CVE-2022-2260 (The GiveWP WordPress plugin before 2.21.3 does not have CSRF in p
NOT-FOR-US: WordPress plugin
CVE-2022-34835 (In Das U-Boot through 2022.07-rc5, an integer signedness error and res ...)
- u-boot 2022.07+dfsg-1 (bug #1014529)
- [bullseye] - u-boot <no-dsa> (Minor issue)
[buster] - u-boot <no-dsa> (Minor issue)
NOTE: https://lists.denx.de/pipermail/u-boot/2022-June/486113.html
NOTE: https://source.denx.de/u-boot/u-boot/-/commit/8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409 (v2022.07-rc6)
@@ -246324,7 +246322,6 @@ CVE-2021-46825 (Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptib
NOT-FOR-US: Symantec
CVE-2022-33967 (squashfs filesystem implementation of U-Boot versions from v2020.10-rc ...)
- u-boot 2022.07+dfsg-1
- [bullseye] - u-boot <no-dsa> (Minor issue)
[buster] - u-boot <not-affected> (SquashFS support added in 2020.10)
NOTE: https://lists.denx.de/pipermail/u-boot/2022-June/487467.html
NOTE: https://source.denx.de/u-boot/u-boot/-/commit/7f7fb9937c6cb49dd35153bd6708872b390b0a44 (v2022.07-rc6)
@@ -250768,7 +250765,6 @@ CVE-2022-33104
RESERVED
CVE-2022-33103 (Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an ...)
- u-boot 2022.07+dfsg-1 (bug #1014528)
- [bullseye] - u-boot <no-dsa> (Minor issue)
[buster] - u-boot <not-affected> (SquashFS support added in 2020.10)
NOTE: https://lore.kernel.org/all/CALO=DHFB+yBoXxVr5KcsK0iFdg+e7ywko4-e+72kjbcS8JBfPw@mail.gmail.com/
NOTE: https://lore.kernel.org/all/20220609140206.297405-1-miquel.raynal@bootlin.com/
@@ -257611,7 +257607,6 @@ CVE-2022-30793
CVE-2022-30790 (Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2 ...)
[experimental] - u-boot 2022.07~rc4+dfsg-1
- u-boot 2022.07+dfsg-1 (bug #1014470)
- [bullseye] - u-boot <no-dsa> (Minor issue)
[buster] - u-boot <no-dsa> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
NOTE: https://research.nccgroup.com/2022/06/03/technical-advisory-multiple-vulnerabilities-in-u-boot-cve-2022-30790-cve-2022-30552/
@@ -257719,7 +257714,6 @@ CVE-2022-30768 (A Stored Cross Site Scripting (XSS) issue in ZoneMinder 1.36.12
CVE-2022-30767 (nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and throu ...)
[experimental] - u-boot 2022.07~rc4+dfsg-1
- u-boot 2022.07+dfsg-1 (bug #1014471)
- [bullseye] - u-boot <ignored> (Minor issue)
[buster] - u-boot <not-affected> (Incorrect fix for CVE-2019-14196 not applied)
[stretch] - u-boot <not-affected> (Incorrect fix for CVE-2019-14196 not applied)
NOTE: Introduced by: https://github.com/u-boot/u-boot/commit/5d14ee4e53a81055d34ba280cb8fd90330f22a96 (v2019.10-rc4)
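Review bot: The bullseye line removed for CVE-2022-30767 was `<ignored>`, not `<no-dsa>` as in the other six entries, and the remaining context ties this CVE to the incorrect fix for CVE-2019-14196, which DLA-4150-1 lists as well. Since both ids are claimed as fixed by the same upload, it is worth confirming that 2021.01+dfsg-5+deb11u1 ships the corrected nfs_lookup_reply length check and not only the original CVE-2019-14196 patch, which is what the buster and stretch notes say introduced this issue.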
@@ -258303,7 +258297,6 @@ CVE-2022-30553
CVE-2022-30552 (Das U-Boot 2022.01 has a Buffer Overflow.)
[experimental] - u-boot 2022.07~rc4+dfsg-1
- u-boot 2022.07+dfsg-1 (bug #1014470)
- [bullseye] - u-boot <no-dsa> (Minor issue)
[buster] - u-boot <no-dsa> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
NOTE: https://research.nccgroup.com/2022/06/03/technical-advisory-multiple-vulnerabilities-in-u-boot-cve-2022-30790-cve-2022-30552/
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[01 May 2025] DLA-4150-1 u-boot - security update
+ {CVE-2019-14196 CVE-2022-2347 CVE-2022-30552 CVE-2022-30767 CVE-2022-30790 CVE-2022-33103 CVE-2022-33967 CVE-2022-34835 CVE-2024-57254 CVE-2024-57255 CVE-2024-57256 CVE-2024-57257 CVE-2024-57258 CVE-2024-57259}
+ [bullseye] - u-boot 2021.01+dfsg-5+deb11u1
[01 May 2025] DLA-4149-1 nagvis - security update
{CVE-2021-33178 CVE-2022-3979 CVE-2022-46945 CVE-2023-46287 CVE-2024-13722 CVE-2024-13723 CVE-2024-47093}
[bullseye] - nagvis 1:1.9.25-2+deb11u1
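Review bot: The CVE set on the DLA-4150-1 line has fourteen ids, but the data/CVE/list part of this commit drops bullseye annotations for only seven of them. CVE-2019-14196 and CVE-2024-57254 through CVE-2024-57259 are not touched, so please check that their entries carry no `[bullseye] - u-boot <no-dsa>`, `<ignored>` or `<postponed>` line that would conflict with the fixed version 2021.01+dfsg-5+deb11u1.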
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a11e655a626faf7d75c052666a319a3043fcff6