Tobias Frost pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
28c0f5e8 by Tobias Frost at 2023-04-01T16:05:16+02:00
Reserve DLA-3380-1 for firmware-nonfree
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -221274,7 +221274,6 @@ CVE-2020-12364 (Null pointer reference in some
Intel(R) Graphics Drivers for Win
[bullseye] - linux <ignored> (Too intrusive to backport)
[buster] - linux <ignored> (Too intrusive to backport)
- firmware-nonfree 20210208-1
- [buster] - firmware-nonfree <no-dsa> (Minor issue, too intrusive to fix
since kernel patch is needed)
[stretch] - firmware-nonfree <ignored> (Minor issue, too intrusive to
fix since kernel patch is needed)
NOTE: Short of details:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
NOTE: Per Intel, this was fixed by a firmware update. v49.0.1 of the
@@ -221288,7 +221287,6 @@ CVE-2020-12363 (Improper input validation in some
Intel(R) Graphics Drivers for
[bullseye] - linux <ignored> (Too intrusive to backport)
[buster] - linux <ignored> (Too intrusive to backport)
- firmware-nonfree 20210208-1
- [buster] - firmware-nonfree <no-dsa> (Minor issue, too intrusive to fix
since kernel patch is needed)
[stretch] - firmware-nonfree <ignored> (Minor issue, too intrusive to
fix since kernel patch is needed)
NOTE: Short of details:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
NOTE: Per Intel, this was fixed by a firmware update. v49.0.1 of the
@@ -221302,7 +221300,6 @@ CVE-2020-12362 (Integer overflow in the firmware for
some Intel(R) Graphics Driv
[bullseye] - linux <ignored> (Too intrusive to backport)
[buster] - linux <ignored> (Too intrusive to backport)
- firmware-nonfree 20210208-1
- [buster] - firmware-nonfree <no-dsa> (Non-free not supported)
[stretch] - firmware-nonfree <ignored> (Minor issue, too intrusive to
fix since kernel patch is needed)
NOTE: Short of details:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
NOTE: Per Intel, this was fixed by a firmware update. v49.0.1 of the
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[01 Apr 2023] DLA-3380-1 firmware-nonfree - security update
+ {CVE-2020-12362 CVE-2020-12363 CVE-2020-12364 CVE-2020-24586
CVE-2020-24587 CVE-2020-24588 CVE-2021-23168 CVE-2021-23223 CVE-2021-37409
CVE-2021-44545 CVE-2022-21181}
+ [buster] - firmware-nonfree 20190114+really20220913-0+deb10u1
[01 Apr 2023] DLA-3379-1 intel-microcode - security update
{CVE-2022-21216 CVE-2022-21233 CVE-2022-33196 CVE-2022-33972
CVE-2022-38090}
[buster] - intel-microcode 3.20230214.1~deb10u1
=====================================
data/dla-needed.txt
=====================================
@@ -66,14 +66,6 @@ erlang
NOTE: 20230111: VCS: https://salsa.debian.org/erlang-team/packages/erlang
NOTE: 20230111: Maintainer notes: Coordinate with maintainer, whether their
VCS can be used. Mail send to mailing list.
--
-firmware-nonfree (tobi)
- NOTE: 20220906: Consider to check the severity of the issues again and judge
whether a correction is worth it.
- NOTE: 20221204: Coming soon in the first week of December. (apo)
- NOTE: 20221211: Programming language: Binary blob
- NOTE: 20221211: VCS:
https://salsa.debian.org/lts-team/packages/firmware-nonfree.git
- NOTE: 20230302: Prepared new upstream version 20220913, with all
firmwarefiles
- NOTE: 20230302: re-added which had been dropped since buster-version and
asked Ben for feedback.
---
fusiondirectory
NOTE: 20221203: Programming language: PHP.
NOTE: 20221203: Please evaluate, whether the package can be fixed (gladk).
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28c0f5e85a04740a5e228ec75a25765919d08f80
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28c0f5e85a04740a5e228ec75a25765919d08f80
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
