Debian Package Tracker

firmware-nonfree

general
  • source: firmware-nonfree (non-free-firmware)
  • version: 20260410-1
  • maintainer: Debian Kernel Team (archive) (DMD)
  • uploaders: Bastian Blank [DMD] – Salvatore Bonaccorso [DMD] – maximilian attems [DMD] – Ben Hutchings [DMD]
  • arch: all
  • std-ver: 4.3.0
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 20210315-3
  • oldstable: 20230210-5
  • old-bpo: 20250410-2~bpo12+1
  • stable: 20250410-2
  • stable-bpo: 20260410-1~bpo13+1
  • testing: 20260410-1
  • unstable: 20260410-1
versioned links
  • 20210315-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 20230210-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 20250410-2~bpo12+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 20250410-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 20260410-1~bpo13+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 20260410-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • firmware-amd-graphics (9 bugs: 0, 9, 0, 0)
  • firmware-atheros (3 bugs: 0, 3, 0, 0)
  • firmware-bnx2
  • firmware-bnx2x
  • firmware-brcm80211 (2 bugs: 0, 2, 0, 0)
  • firmware-cavium
  • firmware-cirrus
  • firmware-intel-graphics
  • firmware-intel-misc
  • firmware-intel-sound (1 bugs: 0, 1, 0, 0)
  • firmware-ipw2x00
  • firmware-ivtv
  • firmware-iwlwifi (21 bugs: 0, 20, 1, 0)
  • firmware-libertas
  • firmware-linux
  • firmware-linux-nonfree (2 bugs: 0, 1, 1, 0)
  • firmware-marvell-prestera
  • firmware-mediatek (1 bugs: 0, 1, 0, 0)
  • firmware-misc-nonfree (11 bugs: 0, 9, 2, 0)
  • firmware-myricom
  • firmware-netronome
  • firmware-netxen (1 bugs: 0, 1, 0, 0)
  • firmware-nvidia-graphics (1 bugs: 0, 0, 1, 0)
  • firmware-qcom-media
  • firmware-qcom-soc
  • firmware-qlogic
  • firmware-realtek (6 bugs: 0, 6, 0, 0)
  • firmware-samsung
  • firmware-siano (1 bugs: 0, 1, 0, 0)
  • firmware-ti-connectivity (1 bugs: 0, 1, 0, 0)
action needed
A new upstream version is available: 20260519 high
A new upstream version 20260519 is available, you should consider packaging it.
Created: 2026-05-22 Last update: 2026-06-04 04:00
24 security issues in bullseye high

There are 24 open security issues in bullseye.

3 important issues:
  • CVE-2025-26402: Protection mechanism failure for some Intel(R) NPU Drivers within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
  • CVE-2025-26405: Improper control of dynamically-managed code resources for some Intel(R) NPU Drivers within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires passive user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
  • CVE-2025-32735: Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
21 issues postponed or untriaged:
  • CVE-2023-4969: (needs triaging) A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures.
  • CVE-2020-24586: (needs triaging) The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.
  • CVE-2020-24587: (needs triaging) The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.
  • CVE-2020-24588: (needs triaging) The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.
  • CVE-2021-23168: (needs triaging) Out of bounds read for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an unauthenticated user to potentially enable denial of service via adjacent access.
  • CVE-2021-23223: (needs triaging) Improper initialization for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access.
  • CVE-2021-37409: (needs triaging) Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access.
  • CVE-2021-44545: (needs triaging) Improper input validation for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an unauthenticated user to potentially enable denial of service via adjacent access.
  • CVE-2022-21181: (needs triaging) Improper input validation for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access.
  • CVE-2022-27635: (needs triaging) Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
  • CVE-2022-36351: (needs triaging) Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access.
  • CVE-2022-38076: (needs triaging) Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access.
  • CVE-2022-40964: (needs triaging) Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
  • CVE-2022-46329: (needs triaging) Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
  • CVE-2023-35061: (needs triaging) Improper initialization for the Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
  • CVE-2023-38417: (needs triaging) Improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
  • CVE-2023-47210: (needs triaging) Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
  • CVE-2024-23198: (postponed; to be fixed through a stable update) Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent access.
  • CVE-2024-24984: (postponed; to be fixed through a stable update) Improper input validation for some Intel(R) Wireless Bluetooth(R) products for Windows before version 23.40 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
  • CVE-2024-25563: (postponed; to be fixed through a stable update) Improper initialization in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi before version 23.40 may allow a privileged user to potentially enable information disclosure via local access.
  • CVE-2024-28049: (postponed; to be fixed through a stable update) Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi wireless products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent access.
Created: 2025-11-16 Last update: 2026-04-28 19:02
13 security issues in buster high

There are 13 open security issues in buster.

12 important issues:
  • CVE-2023-25951: Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow a privileged user to potentially enable escalation of privilege via local access.
  • CVE-2023-26586: Uncaught exception for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
  • CVE-2023-28374: Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
  • CVE-2023-28720: Improper initialization for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
  • CVE-2023-32642: Insufficient adherence to expected conventions for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
  • CVE-2023-32644: Protection mechanism failure for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
  • CVE-2023-32651: Improper validation of specified type of input for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
  • CVE-2023-33875: Improper access control for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via local access.
  • CVE-2023-34983: Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
  • CVE-2023-35061: Improper initialization for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
  • CVE-2023-38417: Improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
  • CVE-2023-47210: Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
1 issue postponed or untriaged:
  • CVE-2023-4969: (postponed; to be fixed through a stable update) A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures.
Created: 2024-05-02 Last update: 2024-05-22 17:48
2 bugs tagged patch in the BTS normal
The BTS contains patches fixing 2 bugs (3 if counting merged bugs), consider including or untagging them.
Created: 2026-06-02 Last update: 2026-06-04 09:30
version in VCS is newer than in repository, is it time to upload? normal
vcswatch reports that this package seems to have a new changelog entry (version 20260519-1, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:
commit 78415b2cf5bd1043ef5ce8d835ae54b8fc4a752a
Merge: 60a0c88 16014e0
Author: Ben Hutchings <benh@debian.org>
Date:   Wed Jun 3 21:49:20 2026 +0200

    Merge branch 'update-package-rels' into 'debian/latest'
    
    Update and remove obsolete package relations
    
    See merge request kernel-team/firmware-nonfree!150

commit 16014e02d4892266f1d475df92e2fe9c7fa23500
Author: Ben Hutchings <benh@debian.org>
Date:   Sun May 31 21:05:04 2026 +0200

    misc-nonfree: Remove Provides relation to firmware-{adi,ralink}
    
    firmware-{adi,ralink} were merged into firmware-misc-nonfree in
    version 20151018-1, although there wasn't a proper transition
    until version 20180825-1.  We can now assume that everyone got
    this upgrade.
    
    Nothing seems to refer to firmware-adi.
    
    firmware-ralink is referred to only in the Suggests field of
    x2gothinclient-chroot, and in some examples in documentation.  Also
    the Ralink firmware is actually in firmware-mediatek now, so it
    doesn't make sense to claim to Provide it here anyway.
    
    So remove both of these from Provides.

commit 8abd14ce74f8d31eea29e215434a482304a6c8f7
Author: Ben Hutchings <benh@debian.org>
Date:   Sun May 31 20:53:04 2026 +0200

    libertas: Remove Replaces/Provides relations to libertas-firmware
    
    firmware-libertas was introduced to replace libertas-firmware in 2011,
    and the latter was eventually removed from unstable in 2015.  Nothing
    seems to refer to the old package name so there's no need to keep
    these relations.

commit 3a2ea4a61da170afeff2d61898a0a27b28940dc7
Author: Ben Hutchings <benh@debian.org>
Date:   Sun May 31 20:41:16 2026 +0200

    Remove remains of the firmware-qcom-media to firmware-qcom-soc transition
    
    firmware-qcom-media was (effectively) renamed to firmware-qcom-soc in
    version 20200421-1, before the bullseye release.  There is no need to
    keep the transitional firmware-qcom-media package or versioned
    relations to the old version.

commit 5760fcab3c11bfbe77a24a2e6be366314751b2dc
Author: Ben Hutchings <benh@debian.org>
Date:   Sun May 31 20:32:07 2026 +0200

    libertas: Remove firmware-marvell-prestera from Recommends
    
    The Prestera switch firmware was split out of firmware-libertas into
    firmware-marvell-prestera in version 20230625-3~exp1, and the former
    Recommends the latter so that that firmware remains installed (by
    default) when upgrading from an earlier version.
    
    However, unlike the firmware split out of firmware-misc-nonfree, the
    hardware this supports doesn't seem to be that widely used and we
    still don't enable the driver in any official kernel config.  So I
    don't think this recommendation actually ever made sense.  Remove it
    and do not use Suggests.

commit b70913d2fce85986b876910a3b34c22b9bc6595a
Author: Ben Hutchings <benh@debian.org>
Date:   Sun May 31 20:23:27 2026 +0200

    misc-nonfree: Move all packages from Recommends to Suggests
    
    Various firmware was split out of firmware-misc-nonfree into
    firmware-{intel-{graphics,misc},mediatek,nvidia-graphics} in version
    20230625-3~exp1, and the former Recommends all of the latter so that
    that firmware remains installed (by default) when upgrading from an
    earlier version.
    
    But new installations of firmware-misc-nonfree also pull in those
    other packages by default, which is less desirable.  Also, because we
    have had a stable release since then, we can now assume all users will
    have done that upgrade and installed the new packages before they
    upgrade to any future versions.  So it's time to stop recommending
    the new packages.
    
    However, the new packages will now be marked as auto-installed, and if
    we simply remove the Recommends they would be auto-removable.
    Instead, move them to Suggests.  This is enough to protect them from
    being auto-removed without causing them to be installed by default.
    
    Closes: #1137651

commit b902dd47358cf022b4da1d85d9aac1cccb627cb9
Author: Ben Hutchings <benh@debian.org>
Date:   Sun May 31 20:07:16 2026 +0200

    Add support for per-package Suggests control field

commit 60a0c88e1be5d57f99effda0780e78222ebdf5ba
Merge: eba1a64 6acf82e
Author: Ben Hutchings <benh@debian.org>
Date:   Sun May 31 01:02:08 2026 +0200

    Merge branch 'include-more' into 'debian/latest'
    
    Include more firmware in binary packages
    
    See merge request kernel-team/firmware-nonfree!149

commit 6acf82e34ae4619ff405a0204f6484bd3c201107
Author: Ben Hutchings <benh@debian.org>
Date:   Fri May 29 16:23:38 2026 +0200

    misc-nonfree: Add TI PCM6240 family audio ADC/DAC firmware

commit e834b64d27357ca69f229bc006d7d7839c97b444
Author: Ben Hutchings <benh@debian.org>
Date:   Fri May 29 16:21:36 2026 +0200

    misc-nonfree: Add Renesas R-Car Gen4 PCIe controller firmware

commit d51f8ba0ab7707b45439b29ba10d3d6f3cfe8e2b
Author: Ben Hutchings <benh@debian.org>
Date:   Fri May 29 16:18:53 2026 +0200

    misc-nonfree: Add Bosch BMI270 IMU firmware

commit 72b3a079f3daed64900a07fc2e68ac61816cb74d
Author: Ben Hutchings <benh@debian.org>
Date:   Fri May 29 15:28:48 2026 +0200

    misc-nonfree: Add Chips&Media Wave6 video codec firmware
    
    The kernel driver that requests this (wave6) is not yet upstream, but
    the upstreaming process seems to be active.

commit db1bf32764096fcddc66f5f0b1796a3abb1b7381
Author: Ben Hutchings <benh@debian.org>
Date:   Fri May 29 15:20:11 2026 +0200

    misc-nonfree: Add more Lontium video converter firmware

commit 9b0837f8a17ae1d4bd12338f484fcb0a34914a85
Author: Ben Hutchings <benh@debian.org>
Date:   Fri May 29 15:14:41 2026 +0200

    netronome: Include all firmware symlinks
    
    It seems that we missed the addition of these symlinks for Netronome
    firmware in 2018.  I explicitly excluded them from netronome in commit
    ca580e3ba73e "d/config: Use wildcards in file lists", but that was
    done only to maintain the current sets of included files.
    
    Remove the exclusion.

commit 12c16ca398214a1f65cf8194d7b0e770e0366f70
Author: Ben Hutchings <benh@debian.org>
Date:   Fri May 29 15:08:24 2026 +0200

    d/copyright, d/c/defines.toml: Fully exclude obsolete Intel sound firmware
    
    There is no need to include the old versions of Intel sound
    firmware in either the source or binary packages, so exclude
    them through d/copyright rather than d/c/defines.toml.

commit a2887f34e32eddd2623e5826fb16671e0ff19337
Author: Ben Hutchings <benh@debian.org>
Date:   Fri May 29 14:52:39 2026 +0200

    intel-misc: Include QAT 4xxx firmware
    
    It seems that we missed the addition of the firmware for the Intel QAT
    4xxx in 2023.  I explicitly excluded it from intel-misc in commit
    ca580e3ba73e "d/config: Use wildcards in file lists", but that was
    done only to maintain the current sets of included files.
    
    Remove the exclusion.

commit ddda39b72d8a01edce40b75be2af323bd21cec24
Author: Ben Hutchings <benh@debian.org>
Date:   Fri May 29 14:48:03 2026 +0200

    misc-nonfree: Add more Airoha firmware

commit d7e456108abfbe41bbe9df8d8ed8b66f403d5169
Author: Ben Hutchings <benh@debian.org>
Date:   Fri May 29 14:38:32 2026 +0200

    misc-nonfree: Add Aeonsemi PHY firmware

commit ea7663c248f7bcbbacc5be37947309ceeb72c9fd
Author: Ben Hutchings <benh@debian.org>
Date:   Fri May 29 14:36:39 2026 +0200

    d/c/defines.toml: Sort patterns within each pattern list

commit aea8d955d628b0e9e971fd918401ca081145327b
Author: Ben Hutchings <benh@debian.org>
Date:   Fri May 29 14:26:56 2026 +0200

    Add config field for files that check_upstream.py should ignore
    
    Since commit 403c960195eb "d/b/check_upstream.py: Fix name of
    'files-excluded' config field", several legal notices and a
    documentation file that have File: entries in WHENCE were newly
    reported as unpackaged.
    
    These files do belong in the source package but not in any binary
    package.  It's questionable whether they should have File: entries in
    WHENCE, but so long as that is the case check_upstream.py should
    ignore them.  Add a files_unpackaged config field listing the patterns
    to ignore, and set its value appropriately.

commit ecf7359fb02e7ae1a589196f3d42a30b9863e659
Author: Ben Hutchings <benh@debian.org>
Date:   Fri May 29 14:10:16 2026 +0200

    d/c/defines.toml: Correct the comment on links_excluded
    
    The links_excluded field controls the behaviour of both install-files
    and check_upstream.py, and the former is more important.

commit eba1a6471d18030caa4a8b82117cf9622e843a19
Author: Ben Hutchings <benh@debian.org>
Date:   Fri May 29 16:41:08 2026 +0200

    d/copyright: Update for new upstream version
    
    - Lontium firmware was moved into a vendor subdirectory.
    - Qualcomm Atheros IPQ5424 and QCN2072 firmware was added.  IPQ5424
      has a slightly different set of copyright dates from other ath12k
      firmware, so gets its own stanza.

commit 430e009c85e7cd21c36fb05a68c8d5cc93094ab1
Merge: 570f5a4 8594b1b
Author: Ben Hutchings <benh@debian.org>
Date:   Fri May 29 13:40:34 2026 +0200

    Merge branch 'update-20260519' into 'debian/latest'
    
    Update to 20260519
    
    See merge request kernel-team/firmware-nonfree!148

commit 8594b1bebb55fa902884127c19f09f2790d776a9
Author: Ben Hutchings <benh@debian.org>
Date:   Tue May 26 23:44:48 2026 +0200

    Update to 20260519
    
    - mediatek: Drop vpu_d.bin and vpu_p.bin symlinks, removed upstream
    - misc-nonfree: Update file list for move of lt9611uxc_fw.bin

commit 570f5a49cb6fb11dd8f9ad3aa2a8459287246df7
Merge: 24ac8ee cf0df1b
Author: Ben Hutchings <benh@debian.org>
Date:   Tue May 5 14:42:07 2026 +0200

    Merge branch 'dont-suggest-initramfs-tools' into 'debian/latest'
    
    control: stop suggesting initramfs-tools
    
    See merge request kernel-team/firmware-nonfree!147

commit cf0df1b48a6284fd5a5da49a931dac3f475f9897
Author: Agathe Porte <agathe.porte@oss.qualcomm.com>
Date:   Tue May 5 13:22:40 2026 +0200

    control: stop suggesting initramfs-tools
    
    The use of initramfs-tools in forky is being phased out for dracut, so
    this suggestion is becoming obsolete. Suggesting an initramfs generator
    for every firmware package also does not seem to be a sensible solution,
    since some firmware can just be loaded when the root file system is
    mounted.
    
    Remove the Suggest: initramfs-tools line in the generated binary
    packages to reflect this.
    
    Closes: #1135736
    Signed-off-by: Agathe Porte <agathe.porte@oss.qualcomm.com>

commit 24ac8ee9222b266f2174ea2aae37bb713424da40
Merge: 931ca94 02124d5
Author: Ben Hutchings <benh@debian.org>
Date:   Tue May 5 14:07:33 2026 +0200

    Merge branch 'initramfs-rework' into 'debian/latest'
    
    gencontrol: s/initramfs-tools/update-initramfs/
    
    See merge request kernel-team/firmware-nonfree!146

commit 02124d59c838bc17905bd085d7d9ea9334c70b20
Author: Agathe Porte <debian@microjoe.org>
Date:   Tue May 5 14:07:33 2026 +0200

    gencontrol: s/initramfs-tools/update-initramfs/
Created: 2026-05-05 Last update: 2026-06-03 22:01
lintian reports 12 warnings normal
Lintian reports 12 warnings about this package. You should make the package lintian-clean by getting rid of them.
Created: 2026-02-05 Last update: 2026-02-16 10:49
AppStream hints: 1 warning for firmware-bnx2,firmware-intel-graphics,firmware-qlogic,firmware-nvidia-graphics,firmware-intel-sound,firmware-ipw2x00,firmware-amd-graphics,firmware-intel-misc,firmware-iwlwifi,firmware-samsung,firmware-realtek,firmware-libertas,firmware-ti-connectivity,firmware-mediatek,firmware-cavium,firmware-atheros,firmware-marvell-prestera,firmware-bnx2x,firmware-brcm80211,firmware-misc-nonfree,firmware-siano,firmware-myricom,firmware-qcom-soc,firmware-ivtv,firmware-cirrus,firmware-netronome,firmware-netxen normal
AppStream found metadata issues for packages:
  • firmware-ipw2x00: 1 warning
You should get rid of them to provide more metadata about this software.
Created: 2024-01-27 Last update: 2025-04-21 17:20
1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:
  • CVE-2025-32735: (needs triaging) Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

You can find information about how to handle this issue in the security team's documentation.

Created: 2026-02-11 Last update: 2026-04-28 19:02
No known security issue in bookworm wishlist

There are 13 open security issues in bookworm.

13 ignored issues:
  • CVE-2023-4969: A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures.
  • CVE-2022-27635: Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
  • CVE-2022-36351: Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access.
  • CVE-2022-38076: Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access.
  • CVE-2022-40964: Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
  • CVE-2022-46329: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
  • CVE-2023-35061: Improper initialization for the Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
  • CVE-2023-38417: Improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
  • CVE-2023-47210: Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
  • CVE-2024-23198: Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent access.
  • CVE-2024-24984: Improper input validation for some Intel(R) Wireless Bluetooth(R) products for Windows before version 23.40 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
  • CVE-2024-25563: Improper initialization in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi before version 23.40 may allow a privileged user to potentially enable information disclosure via local access.
  • CVE-2024-28049: Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi wireless products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent access.
Created: 2023-08-18 Last update: 2026-04-28 19:02
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.3.0).
Created: 2023-05-16 Last update: 2026-04-20 18:16
news
[rss feed]
  • [2026-04-28] Accepted firmware-nonfree 20260410-1~bpo13+1 (source) into stable-backports (Ben Hutchings)
  • [2026-04-25] firmware-nonfree 20260410-1 MIGRATED to testing (Debian testing watch)
  • [2026-04-20] Accepted firmware-nonfree 20260410-1 (source) into unstable (Ben Hutchings)
  • [2026-04-02] Accepted firmware-nonfree 20260309-1~bpo13+1 (source) into stable-backports (Ben Hutchings)
  • [2026-03-31] firmware-nonfree 20260309-1 MIGRATED to testing (Debian testing watch)
  • [2026-03-26] Accepted firmware-nonfree 20260221-1~bpo13+1 (source) into stable-backports (Ben Hutchings)
  • [2026-03-26] Accepted firmware-nonfree 20260309-1 (source) into unstable (Ben Hutchings)
  • [2026-03-17] firmware-nonfree 20260221-1 MIGRATED to testing (Debian testing watch)
  • [2026-03-14] Accepted firmware-nonfree 20260110-1~bpo13+1 (source) into stable-backports (Ben Hutchings)
  • [2026-03-11] Accepted firmware-nonfree 20260221-1 (source) into unstable (Ben Hutchings)
  • [2026-02-28] firmware-nonfree 20260110-1 MIGRATED to testing (Debian testing watch)
  • [2026-02-26] Accepted firmware-nonfree 20251111-1~bpo13+1 (source) into stable-backports (Ben Hutchings)
  • [2026-02-04] Accepted firmware-nonfree 20260110-1 (source) into unstable (Ben Hutchings)
  • [2026-02-03] Accepted firmware-nonfree 20251125-1 (source) into unstable (Ben Hutchings)
  • [2025-11-30] firmware-nonfree 20251111-1 MIGRATED to testing (Debian testing watch)
  • [2025-11-25] Accepted firmware-nonfree 20251021-1~bpo13+1 (source) into stable-backports (Ben Hutchings)
  • [2025-11-24] Accepted firmware-nonfree 20251111-1 (source) into unstable (Ben Hutchings)
  • [2025-11-08] firmware-nonfree 20251021-1 MIGRATED to testing (Debian testing watch)
  • [2025-11-02] Accepted firmware-nonfree 20251021-1 (source) into unstable (Ben Hutchings)
  • [2025-11-02] Accepted firmware-nonfree 20251011-1 (source) into unstable (Ben Hutchings)
  • [2025-10-15] Accepted firmware-nonfree 20250917-1 (source) into unstable (Ben Hutchings)
  • [2025-09-09] Accepted firmware-nonfree 20250808-1~bpo13+1 (all source) into stable-backports (Debian FTP Masters) (signed by: Ben Hutchings)
  • [2025-08-21] firmware-nonfree 20250808-1 MIGRATED to testing (Debian testing watch)
  • [2025-08-15] Accepted firmware-nonfree 20250808-1 (source) into unstable (Ben Hutchings)
  • [2025-07-08] Accepted firmware-nonfree 20250708-1 (source) into experimental (Ben Hutchings)
  • [2025-07-08] Accepted firmware-nonfree 20250627-1 (source) into experimental (Ben Hutchings)
  • [2025-06-21] Accepted firmware-nonfree 20250613-1 (source) into experimental (Ben Hutchings)
  • [2025-06-19] Accepted firmware-nonfree 20250509-1 (source) into experimental (Ben Hutchings)
  • [2025-05-28] Accepted firmware-nonfree 20250410-2~bpo12+1 (source) into stable-backports (Ben Hutchings)
  • [2025-05-05] firmware-nonfree 20250410-2 MIGRATED to testing (Debian testing watch)
bugs [bug history graph]
  • all: 68 71
  • RC: 0
  • I&N: 57 59
  • M&W: 9 10
  • F&P: 2
  • patch: 2 3
links
  • lintian (0, 12)
  • buildd: logs
  • popcon
  • browse source code
  • other distros
  • security tracker
  • debian patches

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.