[Git][security-tracker-team/security-tracker][master] Reserve DLA-4642-1 for u-boot

Andreas Henriksson (@ah) gitlab at salsa.debian.org
Tue Jun 23 22:16:49 BST 2026



Andreas Henriksson pushed to branch master at Debian Security Tracker / security-tracker


Commits:
65d2b579 by Andreas Henriksson at 2026-06-23T23:16:42+02:00
Reserve DLA-4642-1 for u-boot

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -58877,7 +58877,6 @@ CVE-2026-33251 (Discourse is an open-source discussion platform. Prior to versio
 CVE-2026-46728 (Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verif ...)
 	- u-boot 2025.01-3.2 (bug #1136954)
 	[trixie] - u-boot <no-dsa> (Minor issue)
-	[bookworm] - u-boot <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/u-boot/u-boot/commit/2092322b31cc8b1f8c9e2e238d1043ae0637b241 (v2026.04-rc4)
 CVE-2026-33243 (barebox is a bootloader. In barebox from version 2016.03.0 to before v ...)
 	- barebox <itp> (bug #900958)
@@ -252326,8 +252325,6 @@ CVE-2024-42364 (Homepage is a highly customizable homepage with Docker and servi
 CVE-2024-42040 (Buffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from  ...)
 	- u-boot 2025.01-3.2 (bug #1081557)
 	[trixie] - u-boot <postponed> (Minor issue, revisit when fixed upstream)
-	[bookworm] - u-boot <postponed> (Minor issue, revisit when fixed upstream)
-	[bullseye] - u-boot <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://lists.denx.de/pipermail/u-boot/2024-August/562528.html
 	NOTE: https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2024-004.txt
 	NOTE: Fixed by: https://github.com/u-boot/u-boot/commit/81e5708cc2c865df606e49aed5415adb2a662171 (v2026.01-rc1)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,7 @@
+[23 Jun 2026] DLA-4642-1 u-boot - security update
+	{CVE-2024-42040 CVE-2026-46728}
+	[bullseye] - u-boot 2021.01+dfsg-5+deb11u3
+	[bookworm] - u-boot 2023.01+dfsg-2+deb12u3
 [23 Jun 2026] DLA-4641-1 beets - security update
 	{CVE-2026-42052}
 	[bullseye] - beets 1.4.9-7+deb11u1


=====================================
data/dla-needed.txt
=====================================
@@ -706,13 +706,6 @@ trafficserver/bullseye
   NOTE: 20250403: There are multiple new CVEs. But none of them is addresses in Sid and maintainers didn't reply to me last time (dleidert)
   NOTE: 20250405: DSA 5896-1 is out (Beuc/front-desk)
 --
-u-boot/bullseye (ah)
-  NOTE: 20260522: Added by Front-Desk (Beuc)
-  NOTE: 20260522: Fix postponed CVEs along with buster (Beuc/front-desk)
-  NOTE: 20260617: unstable NMU (-3.2) now migrated to testing (ah)
-  NOTE: 20260617: s-p-u needed, but same upstream version as sid/testing so should be trivial (ah)
-  NOTE: 20260617: I have bookworm and bullseye backports prepared locally, will upload soon. (ah)
---
 unbound
   NOTE: 20260520: Added by Front-Desk (Beuc)
   NOTE: 20260520: 11 new CVEs including 2 memory corruption (Beuc/front-desk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65d2b579e64b76f6b3b7ea003d1b7886add1b592

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65d2b579e64b76f6b3b7ea003d1b7886add1b592
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260623/03bbc9c7/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list