[Git][security-tracker-team/security-tracker][master] Reserve DLA-4642-1 for u-boot
Andreas Henriksson (@ah)
gitlab at salsa.debian.org
Tue Jun 23 22:16:49 BST 2026
Andreas Henriksson pushed to branch master at Debian Security Tracker / security-tracker
Commits:
65d2b579 by Andreas Henriksson at 2026-06-23T23:16:42+02:00
Reserve DLA-4642-1 for u-boot
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -58877,7 +58877,6 @@ CVE-2026-33251 (Discourse is an open-source discussion platform. Prior to versio
CVE-2026-46728 (Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verif ...)
- u-boot 2025.01-3.2 (bug #1136954)
[trixie] - u-boot <no-dsa> (Minor issue)
- [bookworm] - u-boot <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/u-boot/u-boot/commit/2092322b31cc8b1f8c9e2e238d1043ae0637b241 (v2026.04-rc4)
CVE-2026-33243 (barebox is a bootloader. In barebox from version 2016.03.0 to before v ...)
- barebox <itp> (bug #900958)
@@ -252326,8 +252325,6 @@ CVE-2024-42364 (Homepage is a highly customizable homepage with Docker and servi
CVE-2024-42040 (Buffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from ...)
- u-boot 2025.01-3.2 (bug #1081557)
[trixie] - u-boot <postponed> (Minor issue, revisit when fixed upstream)
- [bookworm] - u-boot <postponed> (Minor issue, revisit when fixed upstream)
- [bullseye] - u-boot <postponed> (Minor issue; can be fixed in next update)
NOTE: https://lists.denx.de/pipermail/u-boot/2024-August/562528.html
NOTE: https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2024-004.txt
NOTE: Fixed by: https://github.com/u-boot/u-boot/commit/81e5708cc2c865df606e49aed5415adb2a662171 (v2026.01-rc1)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,7 @@
+[23 Jun 2026] DLA-4642-1 u-boot - security update
+ {CVE-2024-42040 CVE-2026-46728}
+ [bullseye] - u-boot 2021.01+dfsg-5+deb11u3
+ [bookworm] - u-boot 2023.01+dfsg-2+deb12u3
[23 Jun 2026] DLA-4641-1 beets - security update
{CVE-2026-42052}
[bullseye] - beets 1.4.9-7+deb11u1
=====================================
data/dla-needed.txt
=====================================
@@ -706,13 +706,6 @@ trafficserver/bullseye
NOTE: 20250403: There are multiple new CVEs. But none of them is addresses in Sid and maintainers didn't reply to me last time (dleidert)
NOTE: 20250405: DSA 5896-1 is out (Beuc/front-desk)
--
-u-boot/bullseye (ah)
- NOTE: 20260522: Added by Front-Desk (Beuc)
- NOTE: 20260522: Fix postponed CVEs along with buster (Beuc/front-desk)
- NOTE: 20260617: unstable NMU (-3.2) now migrated to testing (ah)
- NOTE: 20260617: s-p-u needed, but same upstream version as sid/testing so should be trivial (ah)
- NOTE: 20260617: I have bookworm and bullseye backports prepared locally, will upload soon. (ah)
---
unbound
NOTE: 20260520: Added by Front-Desk (Beuc)
NOTE: 20260520: 11 new CVEs including 2 memory corruption (Beuc/front-desk)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65d2b579e64b76f6b3b7ea003d1b7886add1b592
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65d2b579e64b76f6b3b7ea003d1b7886add1b592
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260623/03bbc9c7/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list