Your message dated Mon, 01 Sep 2025 22:36:17 +0000
with message-id <[email protected]>
and subject line Bug#1111100: fixed in edk2 2025.02-9
has caused the Debian Bug report #1111100,
regarding edk2: CVE-2024-38805
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1111100: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111100
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: edk2
Version: 2025.02-8
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for edk2.
CVE-2024-38805[0]:
| EDK2 contains a vulnerability in BIOS where a user may cause an
| Integer Overflow or Wraparound by network means. A successful
| exploitation of this vulnerability may lead to denial of service.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-38805
https://www.cve.org/CVERecord?id=CVE-2024-38805
[1] https://github.com/tianocore/edk2/security/advisories/GHSA-p7wp-52j7-6r5x
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: edk2
Source-Version: 2025.02-9
Done: dann frazier <[email protected]>
We believe that the bug you reported is fixed in the latest version of
edk2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
dann frazier <[email protected]> (supplier of updated edk2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 01 Sep 2025 14:16:19 -0600
Source: edk2
Architecture: source
Version: 2025.02-9
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <[email protected]>
Changed-By: dann frazier <[email protected]>
Closes: 1103961 1110533 1111100
Changes:
 edk2 (2025.02-9) unstable; urgency=medium
 .
   * Cherry-pick openssl fix for timing side-channel in ECDSA signature
     computation, CVE-2024-13176.
     - d/p/0001-Fix-timing-side-channel-in-ECDSA-signature-computati.patch
   * Fix out-of-bounds memory access in NetworkPkg/IScsiDxe, CVE-2024-38805.
     (Closes: #1111100).
     - d/p/0001-NetworkPkg-IScsiDxe-Fix-for-out-of-bound-memory-acce.patch
   * Use virt-firmware to enroll default keys.
   * Initialize the Secure Boot dbx in *.ms.fd with the latest revocations.
     The dbx previously only contained the hash of an empty file.
   * Safe handling of IDT register on SMM entry, CVE-2025-3770.
     (Closes: #1110533).
     - d/p/0001-UefiCpuPkg-PiSmmCpuDxeSmm-Safe-handling-of-IDT-regis.patch
   * Add amdsev image. Thanks to Lukas Märdian. (Closes: #1103961).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---