[Git][security-tracker-team/security-tracker][master] Add CVE-2022-30767/u-boot

Mon, 16 May 2022 22:15:42 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
915cb99a by Salvatore Bonaccorso at 2022-05-17T07:14:35+02:00
Add CVE-2022-30767/u-boot

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -496,7 +496,13 @@ CVE-2022-30769
 CVE-2022-30768
        RESERVED
 CVE-2022-30767 (nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 
(and throu ...)
-       TODO: check
+       - u-boot <unfixed>
+       [bullseye] - u-boot <ignored> (Minor issue)
+       [buster] - u-boot <not-affected> (Incorrect fix for CVE-2019-14196 not 
applied)
+       NOTE: Introduced by: 
https://github.com/u-boot/u-boot/commit/5d14ee4e53a81055d34ba280cb8fd90330f22a96
 (v2019.10-rc4)
+       NOTE: https://lists.denx.de/pipermail/u-boot/2022-May/483952.html
+       NOTE: 
https://securitylab.github.com/research/uboot-rce-nfs-vulnerability/
+       NOTE: Issue exists because of an incorrect fix for CVE-2019-14196.
 CVE-2022-30766
        RESERVED
 CVE-2022-30765 (Calibre-Web before 0.6.18 allows user table SQL Injection. ...)
@@ -195651,6 +195657,8 @@ CVE-2019-14196 (An issue was discovered in Das U-Boot 
through 2019.07. There is
        [jessie] - u-boot <no-dsa> (Minor issue)
        NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
        NOTE: 
https://gitlab.denx.de/u-boot/u-boot/commit/5d14ee4e53a81055d34ba280cb8fd90330f22a96
+       NOTE: Fixing this issue with the original upstream commit introduces 
CVE-2022-30767 due to
+       NOTE: an incorrect fix.
 CVE-2019-14195 (An issue was discovered in Das U-Boot through 2019.07. There 
is an unb ...)
        - u-boot 2020.01+dfsg-1
        [buster] - u-boot <ignored> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/915cb99a5b30f70ec7f0edf1c06c5a2d28bc807e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/915cb99a5b30f70ec7f0edf1c06c5a2d28bc807e
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to