Andreas Henriksson pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
65d2b579 by Andreas Henriksson at 2026-06-23T23:16:42+02:00
Reserve DLA-4642-1 for u-boot

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -58877,7 +58877,6 @@ CVE-2026-33251 (Discourse is an open-source discussion 
platform. Prior to versio
 CVE-2026-46728 (Das U-Boot before 2026.04 allows FIT (Flat Image Tree) 
signature verif ...)
        - u-boot 2025.01-3.2 (bug #1136954)
        [trixie] - u-boot <no-dsa> (Minor issue)
-       [bookworm] - u-boot <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/u-boot/u-boot/commit/2092322b31cc8b1f8c9e2e238d1043ae0637b241
 (v2026.04-rc4)
 CVE-2026-33243 (barebox is a bootloader. In barebox from version 2016.03.0 to 
before v ...)
        - barebox <itp> (bug #900958)
@@ -252326,8 +252325,6 @@ CVE-2024-42364 (Homepage is a highly customizable 
homepage with Docker and servi
 CVE-2024-42040 (Buffer Overflow vulnerability in the net/bootp.c in DENEX 
U-Boot from  ...)
        - u-boot 2025.01-3.2 (bug #1081557)
        [trixie] - u-boot <postponed> (Minor issue, revisit when fixed upstream)
-       [bookworm] - u-boot <postponed> (Minor issue, revisit when fixed 
upstream)
-       [bullseye] - u-boot <postponed> (Minor issue; can be fixed in next 
update)
        NOTE: https://lists.denx.de/pipermail/u-boot/2024-August/562528.html
        NOTE: https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2024-004.txt
        NOTE: Fixed by: 
https://github.com/u-boot/u-boot/commit/81e5708cc2c865df606e49aed5415adb2a662171
 (v2026.01-rc1)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,7 @@
+[23 Jun 2026] DLA-4642-1 u-boot - security update
+       {CVE-2024-42040 CVE-2026-46728}
+       [bullseye] - u-boot 2021.01+dfsg-5+deb11u3
+       [bookworm] - u-boot 2023.01+dfsg-2+deb12u3
 [23 Jun 2026] DLA-4641-1 beets - security update
        {CVE-2026-42052}
        [bullseye] - beets 1.4.9-7+deb11u1


=====================================
data/dla-needed.txt
=====================================
@@ -706,13 +706,6 @@ trafficserver/bullseye
   NOTE: 20250403: There are multiple new CVEs. But none of them is addresses 
in Sid and maintainers didn't reply to me last time (dleidert)
   NOTE: 20250405: DSA 5896-1 is out (Beuc/front-desk)
 --
-u-boot/bullseye (ah)
-  NOTE: 20260522: Added by Front-Desk (Beuc)
-  NOTE: 20260522: Fix postponed CVEs along with buster (Beuc/front-desk)
-  NOTE: 20260617: unstable NMU (-3.2) now migrated to testing (ah)
-  NOTE: 20260617: s-p-u needed, but same upstream version as sid/testing so 
should be trivial (ah)
-  NOTE: 20260617: I have bookworm and bullseye backports prepared locally, 
will upload soon. (ah)
---
 unbound
   NOTE: 20260520: Added by Front-Desk (Beuc)
   NOTE: 20260520: 11 new CVEs including 2 memory corruption (Beuc/front-desk)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65d2b579e64b76f6b3b7ea003d1b7886add1b592

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65d2b579e64b76f6b3b7ea003d1b7886add1b592
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to