Ola Lundqvist pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
05d65275 by Ola Lundqvist at 2021-05-20T08:35:47+02:00
Removed firmware-nonfree from dla needed. Marked the relevant CVEs as either
ignored (if linux package update is needed as well) or plain no-dsa in other
cases. There is no plan to update buster for these issues and therefore there
is no good reason for updating stretch as well. An update may very well be
suitable at a later date when some other more pressing issue arises.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -78646,6 +78646,7 @@ CVE-2020-12364 (Null pointer reference in some Intel(R)
Graphics Drivers for Win
- linux <unfixed>
- firmware-nonfree 20210208-1
[buster] - firmware-nonfree <no-dsa> (Non-free not supported)
+ [stretch] - firmware-nonfree <ignored> (Minor issue, too intrusive to
fix since kernel patch is needed)
NOTE: Short of details:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
NOTE: Per Intel, this was fixed by a firmware update. v49.0.1 of the
NOTE: firmware is required. The new firmware requires a kernel patch
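Review bot: The new [stretch] reason for CVE-2020-12364 cites a needed kernel patch, but the `- linux <unfixed>` entry above it has no release-specific line, so linux stays untriaged for stretch while firmware-nonfree is marked ignored. If the decision covers both packages, add a matching [stretch] line under the linux entry; if it does not, a NOTE saying the linux side is still tracked would avoid the mismatch. The same applies to the CVE-2020-12363 and CVE-2020-12362 hunks that follow.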
@@ -78655,6 +78656,7 @@ CVE-2020-12363 (Improper input validation in some
Intel(R) Graphics Drivers for
- linux <unfixed>
- firmware-nonfree 20210208-1
[buster] - firmware-nonfree <no-dsa> (Non-free not supported)
+ [stretch] - firmware-nonfree <ignored> (Minor issue, too intrusive to
fix since kernel patch is needed)
NOTE: Short of details:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
NOTE: Per Intel, this was fixed by a firmware update. v49.0.1 of the
NOTE: firmware is required. The new firmware requires a kernel patch
@@ -78664,6 +78666,7 @@ CVE-2020-12362 (Integer overflow in the firmware for
some Intel(R) Graphics Driv
- linux <unfixed>
- firmware-nonfree 20210208-1
[buster] - firmware-nonfree <no-dsa> (Non-free not supported)
+ [stretch] - firmware-nonfree <ignored> (Minor issue, too intrusive to
fix since kernel patch is needed)
NOTE: Short of details:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
NOTE: Per Intel, this was fixed by a firmware update. v49.0.1 of the
NOTE: firmware is required. The new firmware requires a kernel patch
@@ -78760,6 +78763,7 @@ CVE-2020-12322 (Improper input validation in some
Intel(R) Wireless Bluetooth(R)
CVE-2020-12321 (Improper buffer restriction in some Intel(R) Wireless
Bluetooth(R) pro ...)
- firmware-nonfree <unfixed>
[buster] - firmware-nonfree <no-dsa> (non-free not supported)
+ [stretch] - firmware-nonfree <no-dsa> (Minor issue, can be considered
if some other major issue appear)
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00403.html
NOTE: See notes for CVE-2020-12313
CVE-2020-12320 (Uncontrolled search path in Intel(R) SCS Add-on for Microsoft*
SCCM be ...)
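Review bot: On the added [stretch] line for CVE-2020-12321, the reason text describes a deferral ("can be considered if some other major issue appear"), which the tracker expresses with `<postponed>` rather than plain `<no-dsa>`. Using `<postponed>` would make these entries easy to pick up when firmware-nonfree is next updated for stretch. "appear" should also read "appears". The same holds for the CVE-2020-12319 hunk below.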
@@ -78767,6 +78771,7 @@ CVE-2020-12320 (Uncontrolled search path in Intel(R)
SCS Add-on for Microsoft* S
CVE-2020-12319 (Insufficient control flow management in some Intel(R)
PROSet/Wireless ...)
- firmware-nonfree <unfixed>
[buster] - firmware-nonfree <no-dsa> (non-free not supported)
+ [stretch] - firmware-nonfree <no-dsa> (Minor issue, can be considered
if some other major issue appear)
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html
NOTE: See notes for CVE-2020-12313
CVE-2020-12318 (Protection mechanism failure in some Intel(R) PROSet/Wireless
WiFi pro ...)
@@ -78774,6 +78779,7 @@ CVE-2020-12318 (Protection mechanism failure in some
Intel(R) PROSet/Wireless Wi
CVE-2020-12317 (Improper buffer restriction in some Intel(R) PROSet/Wireless
WiFi prod ...)
- firmware-nonfree <unfixed>
[buster] - firmware-nonfree <no-dsa> (non-free not supported)
+ [stretch] - firmware-nonfree <no-dsa> (Minor Issue, May be considered
if some major issue appear)
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html
NOTE: See notes for CVE-2020-12313
CVE-2020-12316 (Insufficiently protected credentials in the Intel(R) EMA
before versio ...)
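Review bot: The reason string on the added [stretch] line for CVE-2020-12317 ("Minor Issue, May be considered if some major issue appear") differs in capitalisation and wording from the one this commit uses for CVE-2020-12321 and CVE-2020-12319 ("Minor issue, can be considered if some other major issue appear"). Use one string for all four of these firmware-nonfree entries, including CVE-2020-12313 below, so a single search finds them.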
@@ -78785,6 +78791,7 @@ CVE-2020-12314 (Improper input validation in some
Intel(R) PROSet/Wireless WiFi
CVE-2020-12313 (Insufficient control flow management in some Intel(R)
PROSet/Wireless ...)
- firmware-nonfree <unfixed>
[buster] - firmware-nonfree <no-dsa> (non-free not supported)
+ [stretch] - firmware-nonfree <no-dsa> (Minor Issue, May be considered
if some major issue appear)
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html
NOTE: Fixed firmware blobs:
NOTE: ibt-18-16-1.sfi: FW Build: REL17064 Release Version: 22.20.0.3
=====================================
data/dla-needed.txt
=====================================
@@ -36,13 +36,6 @@ condor
NOTE: 20200727: Waiting on maintainer feedback:
https://lists.debian.org/debian-lts/2020/07/msg00108.html (roberto)
NOTE: 20210205: Some patches seems to be available but not clear if it
solves the whole issue or not. (ola)
--
-firmware-nonfree
- NOTE: 20201207: wait for the update in buster and backport that (Emilio)
- NOTE: 20210519: CVE-2020-1236[2,3,4] need a kernel patch to actually allow to
- NOTE: 20210519: use the new firmware and that patch isn't present in 4.19
(and ofc also not in 4.9)
- NOTE: 20210519: Kernel maintainers do not plan to update buster. They can
accept an update in buster by the LTS team. (Ola)
- NOTE: 20210519: Propose to not update the package due to the current issues.
(Ola)
---
golang-github-appc-cni (Thorsten Alteholz)
NOTE: 20210517: still WIP, trying to automize golang updates
--
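Review bot: Removing the firmware-nonfree block drops the dated notes recording that the required kernel patch is absent from 4.19 and 4.9 and that the kernel maintainers do not plan a buster update. The [stretch] lines added in data/CVE/list say only "kernel patch is needed"; consider carrying those two facts into a NOTE under CVE-2020-12362, CVE-2020-12363 and CVE-2020-12364 so the rationale stays in the tracker data and not just in the commit message.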
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05d65275176dbc44d1fea51fb8aac7269c545374