Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dc81494f by Markus Koschany at 2025-06-02T14:41:18+02:00
Update fixing commits and links to patches for edk2 issues.
- - - - -
91b16762 by Markus Koschany at 2025-06-02T14:41:20+02:00
edk2: Mark current no-dsa CVE in bookworm postponed in bullseye
Wait for the maintainer if he wants to address those problems first in
bookworm. Should another batch of CVEs appear in the future and those issues are
still not fixed, we could step in and offer help. At the moment this is not
critical.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17434,6 +17434,7 @@ CVE-2024-43046 (There may be information disclosure
during memory re-allocation
CVE-2024-38797 (EDK2 contains a vulnerability in the HashPeImageByType(). A
user may c ...)
- edk2 2025.02-8 (bug #1102519)
[bookworm] - edk2 <no-dsa> (Minor issue)
+ [bullseye] - edk2 <postponed> (Minor issue)
NOTE:
https://github.com/tianocore/edk2/security/advisories/GHSA-4wjw-6xmf-44xf
CVE-2024-33058 (Memory corruption while assigning memory from the source DDR
memory(HL ...)
NOT-FOR-US: Qualcomm
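Review bot: the new `[bullseye] - edk2 <postponed> (Minor issue)` line carries the same parenthetical as the bookworm `<no-dsa>` line above it, so the entry itself does not say why bullseye is postponed rather than no-dsa; consider recording the rationale from the commit message in the parenthetical (for example `<postponed> (Minor issue; wait for maintainer to address in bookworm first)`) so the tracker entry is self-explanatory without the commit log.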
@@ -25495,6 +25496,7 @@ CVE-2025-2308 (A vulnerability, which was classified as
critical, was found in H
CVE-2025-2295 (EDK2 contains a vulnerability in BIOS where a user may cause an
Intege ...)
- edk2 2025.02-4 (bug #1100594)
[bookworm] - edk2 <no-dsa> (Minor issue)
+ [bullseye] - edk2 <postponed> (Minor issue)
NOTE:
https://github.com/tianocore/edk2/security/advisories/GHSA-8522-69fh-w74x
CVE-2025-2267 (The WP01 plugin for WordPress is vulnerable to Arbitrary File
Download ...)
NOT-FOR-US: WordPress plugin
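Review bot: same pattern as the CVE-2024-38797 hunk: the bullseye `<postponed>` entry is added with only a bare `(Minor issue)` reason, so the postponement rationale lives only in the commit message. It is also worth confirming that CVE-2025-2295 intentionally has no buster line, since the PixieFail entries further down in this patch still track buster with `<no-dsa>`.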
@@ -147957,7 +147959,7 @@ CVE-2021-4432 (A vulnerability was found in PCMan FTP
Server 2.0.7. It has been
CVE-2023-45237 (EDK2's Network Package is susceptible to a predictable TCP
Initial Seq ...)
- edk2 2024.05-1 (bug #1063727)
[bookworm] - edk2 <no-dsa> (Minor issue)
- [bullseye] - edk2 <no-dsa> (Minor issue)
+ [bullseye] - edk2 <postponed> (Minor issue)
[buster] - edk2 <no-dsa> (Minor issue)
NOTE:
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
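Review bot: the bullseye line flips from `<no-dsa>` to `<postponed>` while the `(Minor issue)` text and the buster `<no-dsa>` line stay unchanged, so the state change is not explained in the entry; consider adding the postponement reason. Also, the first commit's message says fixing commits were updated, yet this entry still cites only the Quarkslab PixieFail write-up and the oss-security post; a `NOTE: Fixed by:` link to the upstream commit for the predictable TCP ISN fix would help anyone preparing a bullseye backport.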
@@ -147965,7 +147967,7 @@ CVE-2023-45237 (EDK2's Network Package is susceptible
to a predictable TCP Initi
CVE-2023-45236 (EDK2's Network Package is susceptible to a predictable TCP
Initial Seq ...)
- edk2 2024.05-1 (bug #1063726)
[bookworm] - edk2 <no-dsa> (Minor issue)
- [bullseye] - edk2 <no-dsa> (Minor issue)
+ [bullseye] - edk2 <postponed> (Minor issue)
[buster] - edk2 <no-dsa> (Minor issue)
NOTE:
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
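Review bot: this hunk mirrors the CVE-2023-45237 change (same fixed version 2024.05-1, same references, adjacent bug numbers #1063726 and #1063727), so the same point applies: the `<postponed>` reason is the unchanged `(Minor issue)` and no fixing commit is recorded. Since both CVEs will be handled by one bullseye upload, a note on where the upstream fix lives would avoid researching it twice later.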
@@ -251548,6 +251550,7 @@ CVE-2022-36765 (EDK2 is susceptible to a
vulnerability in the CreateHob() functi
[buster] - edk2 <no-dsa> (Minor issue)
NOTE:
https://github.com/tianocore/edk2/security/advisories/GHSA-ch4w-v7m3-g8wx
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=4166
+ NOTE: https://github.com/tianocore/edk2/issues/10299
CVE-2022-36764 (EDK2 is susceptible to a vulnerability in the
Tcg2MeasurePeImage() fun ...)
- edk2 2023.11-5 (bug #1060408)
[bookworm] - edk2 2022.11-6+deb12u1
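Review bot: the added `NOTE: https://github.com/tianocore/edk2/issues/10299` is an issue link, not a commit or pull request, and is not prefixed with `Fixed by:`, so a reader cannot tell whether it identifies the fixing change the commit message refers to or only a discussion of the CreateHob() bug; consider prefixing it with `Fixed by:` once the fixing commit is known, or stating what the issue tracks.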
@@ -251555,6 +251558,7 @@ CVE-2022-36764 (EDK2 is susceptible to a
vulnerability in the Tcg2MeasurePeImage
[buster] - edk2 <no-dsa> (Minor issue)
NOTE:
https://github.com/tianocore/edk2/security/advisories/GHSA-4hcq-p8q8-hj8j
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=4118
+ NOTE: https://github.com/tianocore/edk2/pull/5264
CVE-2022-36763 (EDK2 is susceptible to a vulnerability in the
Tcg2MeasureGptTable() fu ...)
- edk2 2023.11-5 (bug #1060408)
[bookworm] - edk2 2022.11-6+deb12u1
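Review bot: the added link points at pull request #5264 rather than a specific commit; a PR can contain several commits and its URL does not pin a revision, so for a bullseye backport the individual commit hash that fixes Tcg2MeasurePeImage() would be more useful, ideally recorded as `NOTE: Fixed by: <commit url>` in line with the convention used elsewhere in this file.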
@@ -251562,6 +251566,7 @@ CVE-2022-36763 (EDK2 is susceptible to a
vulnerability in the Tcg2MeasureGptTabl
[buster] - edk2 <no-dsa> (Minor issue)
NOTE:
https://github.com/tianocore/edk2/security/advisories/GHSA-xvv8-66cq-prwr
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=4117
+ NOTE: https://github.com/tianocore/edk2/pull/5264
CVE-2022-36762
RESERVED
CVE-2022-36761
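Review bot: the same PR #5264 link is added here as for CVE-2022-36764 above, which implies one PR fixes both Tcg2 issues; if that PR contains separate commits for Tcg2MeasureGptTable() and Tcg2MeasurePeImage(), pin each entry to its own commit so that a partial backport can be tracked accurately.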
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d7a1ebde0a2f09c654550851736009a5dcf306dd...91b16762cd16540a59086efdc23e20b369cbc6fd
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits