[Git][security-tracker-team/security-tracker][master] dla: drop arm-trusted-firmware

Sylvain Beucler (@beuc) Sat, 21 Jun 2025 03:07:04 -0700


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
72e6527d by Sylvain Beucler at 2025-06-21T09:38:25+02:00
dla: drop arm-trusted-firmware

No sponsors, no need to get ahead of bookworm

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -47438,6 +47438,7 @@ CVE-2024-8401 (CWE-79: Improper Neutralization of Input 
During Web Page Generati
 CVE-2024-7881 (An unprivileged context can trigger a data memory-dependent 
prefetch e ...)
        - arm-trusted-firmware 2.12.1+dfsg-1
        [bookworm] - arm-trusted-firmware <no-dsa> (Minor issue)
+       [bullseye] - arm-trusted-firmware <postponed> (Minor issue, follow 
bookworm)
        NOTE: 
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881
 CVE-2024-6351 (A malformed packet can cause a buffer overflow in the NWK/APS 
layer of ...)
        NOT-FOR-US: Ember ZNet
@@ -62351,6 +62352,7 @@ CVE-2024-7572 (Insufficient permissions in Ivanti DSM 
before version 2024.3.5740
 CVE-2024-5660 (Use of Hardware Page Aggregation (HPA) and Stage-1 and/or 
Stage-2 tran ...)
        - arm-trusted-firmware 2.12.1+dfsg-1
        [bookworm] - arm-trusted-firmware <no-dsa> (Minor issue)
+       [bullseye] - arm-trusted-firmware <postponed> (Minor issue, follow 
bookworm)
        NOTE: 
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
 CVE-2024-55602 (PwnDoc is a penetration test report generator. Prior to commit 
1d4219c ...)
        NOT-FOR-US: PwnDoc


=====================================
data/dla-needed.txt
=====================================
@@ -45,9 +45,6 @@ ansible
   NOTE: 20241123: Made a partial release. only CVE-2024-11079 needed but more 
upstream backport work needed (rouca)
   NOTE: 20250422: Testing/bisecting will take more time, please keep it 
assigned to me (lee)
 --
-arm-trusted-firmware
-  NOTE: 20250303: Added by Front-Desk (rouca)
---
 bind9
   NOTE: 20250620: Added by coordinator (roberto)
   NOTE: 20250620: I have dug into CVE-2025-40775 and based on the description 
in the upstream



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72e6527dc37ea3e2e697057b3371a803287113ae

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72e6527dc37ea3e2e697057b3371a803287113ae
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] dla: drop arm-trusted-firmware

Reply via email to