Daniel Leidert pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
77ab131e by Daniel Leidert at 2025-10-01T01:35:31+02:00
Reserve DLA-4320-1 for u-boot
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -389745,7 +389745,6 @@ CVE-2021-27139 (An issue was discovered on FiberHome
HG6245D devices through RP2
CVE-2021-27138 (The boot loader in Das U-Boot before 2021.04-rc2 mishandles
use of uni ...)
[experimental] - u-boot 2021.04~rc3+dfsg-1
- u-boot 2021.07+dfsg-2 (bug #983269)
- [bullseye] - u-boot <no-dsa> (Minor issue)
[buster] - u-boot <no-dsa> (Minor issue)
[stretch] - u-boot <postponed> (Minor issue; can be fixed in next DLA)
NOTE:
https://github.com/u-boot/u-boot/commit/79af75f7776fc20b0d7eb6afe1e27c00fdb4b9b4
@@ -389846,7 +389845,6 @@ CVE-2021-27098 (In SPIRE 0.8.1 through 0.8.4 and
before versions 0.9.4, 0.10.2,
CVE-2021-27097 (The boot loader in Das U-Boot before 2021.04-rc2 mishandles a
modified ...)
[experimental] - u-boot 2021.04~rc3+dfsg-1
- u-boot 2021.07+dfsg-2 (bug #983270)
- [bullseye] - u-boot <no-dsa> (Minor issue)
[buster] - u-boot <no-dsa> (Minor issue)
[stretch] - u-boot <postponed> (Minor issue; can be fixed in next DLA)
NOTE:
https://github.com/u-boot/u-boot/commit/8a7d4cf9820ea16fabd25a6379351b4dc291204b
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[01 Oct 2025] DLA-4320-1 u-boot - security update
+ {CVE-2021-27097 CVE-2021-27138}
+ [bullseye] - u-boot 2021.01+dfsg-5+deb11u2
[30 Sep 2025] DLA-4262-2 libcommons-lang-java - regression update
[bullseye] - libcommons-lang-java 2.6-9+deb11u2
[30 Sep 2025] DLA-4319-1 libxml2 - security update
=====================================
data/dla-needed.txt
=====================================
@@ -389,14 +389,6 @@ trafficserver
NOTE: 20250403: There are multiple new CVEs. But none of them is addresses
in Sid and maintainers didn't reply to me last time (dleidert)
NOTE: 20250405: DSA 5896-1 is out (Beuc/front-desk)
--
-u-boot (dleidert)
- NOTE: 20250219: Added by Front-Desk (Beuc)
- NOTE: 20250219: New CVEs, plus it's time to fix all the no-dsa&postponed
CVEs (Beuc/front-desk)
- NOTE: 20250501: DLA released; will do another round for remaining two issues
(dleidert)
- NOTE: 20250601: WIP, patches for CVE-2021-27097 and CVE-2021-27138 prepped,
but test fails (dleidert)
- NOTE: 20250629: WIP, problem fixed; testing required before DLA can be
released (dleidert)
- NOTE: 20250831: waiting for feedback from testers (dleidert)
---
watcher (tobi)
NOTE: 20250908: Added by Front-Desk (apo)
NOTE: 20250908: See also nova. (apo)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77ab131e61b497690e12fc6fd06fabdf14a4362f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77ab131e61b497690e12fc6fd06fabdf14a4362f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
