[Git][security-tracker-team/security-tracker][master] Triage CVE-2024-23198, CVE-2024-24984, CVE-2024-25563 & CVE-2024-28049 in...
Chris Lamb (@lamby)
lamby at debian.org
Mon Oct 13 00:09:08 BST 2025
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1a694e2b by Chris Lamb at 2025-10-12T16:08:56-07:00
Triage CVE-2024-23198, CVE-2024-24984, CVE-2024-25563 & CVE-2024-28049 in firmware-nonfree for bullseye LTS.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -107477,6 +107477,7 @@ CVE-2024-28051 (Out-of-bounds read in some Intel(R) VPL software before version
CVE-2024-28049 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...)
- firmware-nonfree 20240610-1
[bookworm] - firmware-nonfree <ignored> (Minor issue; upstream commits not fully confirmed by Intel)
+ [bullseye] - firmware-nonfree <postponed> (Minor issue)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01108.html
NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=0c0898b4e0a4c1a46ae01fb42bf39f1cb0dab770
NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=b3d445a98ebd6779d921a152349844c3e7b86bf8
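Review bot: the reason on the added `[bullseye]` line is only "Minor issue", while the `[bookworm]` line directly above it also records "upstream commits not fully confirmed by Intel". If that uncertainty is part of why bullseye is not being fixed now, repeat it on the bullseye line so the entry can be read on its own.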
@@ -107505,6 +107506,7 @@ CVE-2024-25565 (Insufficient control flow management in UEFI firmware for some I
CVE-2024-25563 (Improper initialization in firmware for some Intel(R) PROSet/Wireless ...)
- firmware-nonfree 20240610-1
[bookworm] - firmware-nonfree <ignored> (Minor issue; upstream commits not fully confirmed by Intel)
+ [bullseye] - firmware-nonfree <postponed> (Minor issue)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01108.html
NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=0c0898b4e0a4c1a46ae01fb42bf39f1cb0dab770
NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=b3d445a98ebd6779d921a152349844c3e7b86bf8
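Review bot: the `[bullseye]` state for CVE-2024-25563 is `<postponed>` where `[bookworm]` is `<ignored>`, for the same package and the same "Minor issue" rating. If the difference is intentional, the reason text on the added line should say what the fix is postponed until, so a later triager can tell when to revisit it.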
@@ -107518,6 +107520,7 @@ CVE-2024-24985 (Exposure of resource to wrong sphere in some Intel(R) processors
CVE-2024-24984 (Improper input validation for some Intel(R) Wireless Bluetooth(R) prod ...)
- firmware-nonfree 20240610-1
[bookworm] - firmware-nonfree <ignored> (Minor issue; upstream commits not fully confirmed by Intel)
+ [bullseye] - firmware-nonfree <postponed> (Minor issue)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01108.html
NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=0c0898b4e0a4c1a46ae01fb42bf39f1cb0dab770
NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=b3d445a98ebd6779d921a152349844c3e7b86bf8
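Review bot: CVE-2024-24984 is described as affecting Intel Wireless Bluetooth products, yet the added `[bullseye]` line and the NOTE commits are identical to those on the PROSet/Wireless entries in the other hunks. It is worth confirming that "Minor issue" was assessed for the Bluetooth firmware specifically, and adding a word to the reason if the rationale differs.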
@@ -107539,6 +107542,7 @@ CVE-2024-23312 (Uncontrolled search path for some Intel(R) Binary Configuration
CVE-2024-23198 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...)
- firmware-nonfree 20240610-1
[bookworm] - firmware-nonfree <ignored> (Minor issue; upstream commits not fully confirmed by Intel)
+ [bullseye] - firmware-nonfree <postponed> (Minor issue)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01108.html
NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=0c0898b4e0a4c1a46ae01fb42bf39f1cb0dab770
NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=b3d445a98ebd6779d921a152349844c3e7b86bf8
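Review bot: the added `[bullseye]` line for CVE-2024-23198 does not say whether the firmware shipped in bullseye was checked against the two linux-firmware commits in the NOTE lines. A `<postponed>` state implies bullseye is affected; if that was verified, a short NOTE saying so would save the next reader from repeating the check.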
=====================================
data/dla-needed.txt
=====================================
@@ -94,14 +94,6 @@ expat (guilhem)
fastdds
NOTE: 20250303: Added by Front-Desk (rouca)
--
-firmware-nonfree
- NOTE: 20241011: Added by Front-Desk (pochu)
- NOTE: 20241011: Update to bookworm version, possibly coordinate upload of
- NOTE: 20241011: trixie version to bookworm-pu and backport that to bullseye (pochu)
- NOTE: 20241020: started discussion on how generally approach this package,
- NOTE: 20241020: Message-ID: <ZxTjEflb-ssaTmA8 at isildor2.loewenhoehle.ip> / "Re: Update on firmware-nonfree" (tobi)
- NOTE: 20241117: and <ZzovRz-UIif8e69i at localhost> / "How to handle firmware for LTS (and ELTS) [WAS: Re: Update on firmware-nonfree]" (Beuc/front-desk)
---
freeimage
NOTE: 20240922: Added by Front-Desk (apo)
NOTE: 20240922: Many postponed CVE.
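Review bot: removing the whole `firmware-nonfree` entry also drops the 20241020 and 20241117 NOTE lines, which are the only pointers in this file to the list discussion on how to handle firmware for LTS, and the commit message mentions only the CVE triage. Since the four CVEs are marked `<postponed>` rather than fixed, consider stating in the commit message why no DLA is needed, or keeping the Message-ID references where they can be found when the postponed issues are picked up again.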
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a694e2b7ea962422f9b4ca44f3c4d52807b9666