Bug#1120393: marked as done (trixie-pu: package edk2/2025.02-8+deb13u1)

Sat, 10 Jan 2026 03:56:38 -0800 

Your message dated Sat, 10 Jan 2026 11:52:34 +0000
with message-id <[email protected]>
and subject line Released with 13.3
has caused the Debian Bug report #1120393,
regarding trixie-pu: package edk2/2025.02-8+deb13u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1120393: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120393
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:edk2
User: [email protected]
Usertags: pu

[ Reason ]
3 security fixes. 2 were requested by the security team. The other is
an OpenSSL one (embedded code), which is minor in this context.

[ Impact ]
Addresses minor security fixes.

[ Tests ]
There are no specific tests for these vulnerabilities. There
are autopkgtests for regressions.

[ Risks ]
A regression would likely lead to existing VMs not being able to boot.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
  * Cherry-pick openssl fix for timing side-channel in ECDSA signature
    computation, CVE-2024-13176.
    - d/p/0001-Fix-timing-side-channel-in-ECDSA-signature-computati.patch
  * Fix out-of-bounds memory access in NetworkPkg/IScsiDxe, CVE-2024-38805.
    - d/p/0001-NetworkPkg-IScsiDxe-Fix-for-out-of-bound-memory-acce.patch
  * Safe handling of IDT register on SMM entry, CVE-2025-3770.
    - d/p/0001-UefiCpuPkg-PiSmmCpuDxeSmm-Safe-handling-of-IDT-regis.patch

[ Other info ]
hi.

--- End Message ---
--- Begin Message --- 
Package: release.debian.org\nVersion: 13.3\n\nThis update has been released as 
part of Debian 13.3.

--- End Message ---

Reply via email to