[Git][security-tracker-team/security-tracker][master] Reserve DLA-4320-1 for u-boot

[Daniel Leidert (@dleidert)]

Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker


Commits:
77ab131e by Daniel Leidert at 2025-10-01T01:35:31+02:00
Reserve DLA-4320-1 for u-boot

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -389745,7 +389745,6 @@ CVE-2021-27139 (An issue was discovered on FiberHome HG6245D devices through RP2
 CVE-2021-27138 (The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of uni ...)
 	[experimental] - u-boot 2021.04~rc3+dfsg-1
 	- u-boot 2021.07+dfsg-2 (bug #983269)
-	[bullseye] - u-boot <no-dsa> (Minor issue)
 	[buster] - u-boot <no-dsa> (Minor issue)
 	[stretch] - u-boot <postponed> (Minor issue; can be fixed in next DLA)
 	NOTE: https://github.com/u-boot/u-boot/commit/79af75f7776fc20b0d7eb6afe1e27c00fdb4b9b4
@@ -389846,7 +389845,6 @@ CVE-2021-27098 (In SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4, 0.10.2,
 CVE-2021-27097 (The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified ...)
 	[experimental] - u-boot 2021.04~rc3+dfsg-1
 	- u-boot 2021.07+dfsg-2 (bug #983270)
-	[bullseye] - u-boot <no-dsa> (Minor issue)
 	[buster] - u-boot <no-dsa> (Minor issue)
 	[stretch] - u-boot <postponed> (Minor issue; can be fixed in next DLA)
 	NOTE: https://github.com/u-boot/u-boot/commit/8a7d4cf9820ea16fabd25a6379351b4dc291204b


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[01 Oct 2025] DLA-4320-1 u-boot - security update
+	{CVE-2021-27097 CVE-2021-27138}
+	[bullseye] - u-boot 2021.01+dfsg-5+deb11u2
 [30 Sep 2025] DLA-4262-2 libcommons-lang-java - regression update
 	[bullseye] - libcommons-lang-java 2.6-9+deb11u2
 [30 Sep 2025] DLA-4319-1 libxml2 - security update


=====================================
data/dla-needed.txt
=====================================
@@ -389,14 +389,6 @@ trafficserver
   NOTE: 20250403: There are multiple new CVEs. But none of them is addresses in Sid and maintainers didn't reply to me last time (dleidert)
   NOTE: 20250405: DSA 5896-1 is out (Beuc/front-desk)
 --
-u-boot (dleidert)
-  NOTE: 20250219: Added by Front-Desk (Beuc)
-  NOTE: 20250219: New CVEs, plus it's time to fix all the no-dsa&postponed CVEs (Beuc/front-desk)
-  NOTE: 20250501: DLA released; will do another round for remaining two issues (dleidert)
-  NOTE: 20250601: WIP, patches for CVE-2021-27097 and CVE-2021-27138 prepped, but test fails (dleidert)
-  NOTE: 20250629: WIP, problem fixed; testing required before DLA can be released (dleidert)
-  NOTE: 20250831: waiting for feedback from testers (dleidert)
---
 watcher (tobi)
   NOTE: 20250908: Added by Front-Desk (apo)
   NOTE: 20250908: See also nova. (apo)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77ab131e61b497690e12fc6fd06fabdf14a4362f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77ab131e61b497690e12fc6fd06fabdf14a4362f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250930/128f5998/attachment-0001.htm>