Utkarsh Gupta pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
704c9455 by Utkarsh Gupta at 2025-12-07T19:28:15+05:30
Mark CVE-2025-2486/edk2 as postponed for bullseye
...and a possible regression caution
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2529,9 +2529,12 @@ CVE-2025-3747
CVE-2025-2486 (The Ubuntu edk2 UEFI firmware packages accidentally allowed the
UEFI S ...)
- edk2 2023.11-7
[bookworm] - edk2 2022.11-6+deb12u1
+ [bullseye] - edk2 <postponed> (Can be piggyback'd with future DLA but
be careful about possible regression)
NOTE: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2101797
NOTE: To address CVE-2023-48733 in Debian a local patch disabled the
built-in Shell
NOTE: when SecureBoot is enabled fixing CVE-2025-2486.
+ NOTE: Be cautious of possible regression when backporting patches to
stable releases -
+ NOTE:
https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2101797/comments/9
CVE-2025-26155 (NCP Secure Enterprise Client 13.18 and NCP Secure Entry
Windows Client ...)
NOT-FOR-US: NCP
CVE-2025-20373 (In Splunk Add-on for Palo Alto Networks versions below 2.0.2,
the add- ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/704c9455a3d8a0eb6bc4b2d793647aa310134c66
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/704c9455a3d8a0eb6bc4b2d793647aa310134c66
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
