Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4e4e97c0 by Salvatore Bonaccorso at 2024-02-11T09:06:30+01:00
Track fixes for edk2 via unstable
Note that does not cover all CVEs from #1061256 as only a subset was
indeed dovered. Two remain open: CVE-2023-45236 and CVE-2023-45237 so
far.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4857,43 +4857,43 @@ CVE-2023-45236 (EDK2's Network Package is susceptible
to a predictable TCP Initi
NOTE:
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45235 (EDK2's Network Package is susceptible to a buffer overflow
vulnerabili ...)
- - edk2 <unfixed> (bug #1061256)
+ - edk2 2023.11-6 (bug #1061256)
[bookworm] - edk2 <no-dsa> (Minor issue)
[bullseye] - edk2 <no-dsa> (Minor issue)
NOTE:
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45234 (EDK2's Network Package is susceptible to a buffer overflow
vulnerabili ...)
- - edk2 <unfixed> (bug #1061256)
+ - edk2 2023.11-6 (bug #1061256)
[bookworm] - edk2 <no-dsa> (Minor issue)
[bullseye] - edk2 <no-dsa> (Minor issue)
NOTE:
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45233 (EDK2's Network Package is susceptible to an infinite lop
vulnerability ...)
- - edk2 <unfixed> (bug #1061256)
+ - edk2 2023.11-6 (bug #1061256)
[bookworm] - edk2 <no-dsa> (Minor issue)
[bullseye] - edk2 <no-dsa> (Minor issue)
NOTE:
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45232 (EDK2's Network Package is susceptible to an infinite loop
vulnerabilit ...)
- - edk2 <unfixed> (bug #1061256)
+ - edk2 2023.11-6 (bug #1061256)
[bookworm] - edk2 <no-dsa> (Minor issue)
[bullseye] - edk2 <no-dsa> (Minor issue)
NOTE:
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45231 (EDK2's Network Package is susceptible to an out-of-bounds read
vulner ...)
- - edk2 <unfixed> (bug #1061256)
+ - edk2 2023.11-6 (bug #1061256)
[bookworm] - edk2 <no-dsa> (Minor issue)
[bullseye] - edk2 <no-dsa> (Minor issue)
NOTE:
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45230 (EDK2's Network Package is susceptible to a buffer overflow
vulnerabili ...)
- - edk2 <unfixed> (bug #1061256)
+ - edk2 2023.11-6 (bug #1061256)
[bookworm] - edk2 <no-dsa> (Minor issue)
[bullseye] - edk2 <no-dsa> (Minor issue)
NOTE:
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45229 (EDK2's Network Package is susceptible to an out-of-bounds read
vulner ...)
- - edk2 <unfixed> (bug #1061256)
+ - edk2 2023.11-6 (bug #1061256)
[bookworm] - edk2 <no-dsa> (Minor issue)
[bullseye] - edk2 <no-dsa> (Minor issue)
NOTE:
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e4e97c072640641fa2240f1c40a489d4eb2b83c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e4e97c072640641fa2240f1c40a489d4eb2b83c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
