-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 01 May 2025 01:19:02 +0200
Source: u-boot
Architecture: source
Version: 2021.01+dfsg-5+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Vagrant Cascadian <vagrant@debian.org>
Changed-By: Daniel Leidert <dleidert@debian.org>
Closes: 1014470 1014471 1014528 1014529 1014959 1098254
Changes:
 u-boot (2021.01+dfsg-5+deb11u1) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS team.
   * d/patches/CVE-2022-34835.patch: Add patch to fix CVE-2022-34835.
     - Fix an integer signedness error and resultant stack-based buffer
       overflow in the 'i2c md' command that enables the corruption of the
       return address pointer of the do_i2c_md function (closes: #1014529).
   * d/patches/CVE-2022-33967.patch: Add patch to fix CVE-2022-33967.
     - Fix a heap-based buffer overflow vulnerability due to a defect in the
       metadata reading process which may lead to a denial-of-service (DoS)
       condition or arbitrary code execution by loading a specially crafted
       squashfs image.
   * d/patches/CVE-2022-33103.patch: Add patch to fix CVE-2022-33103.
     - Fix an out-of-bounds write (closes: #1014528).
   * d/patches/CVE-2022-30790.patch: Add patch to fix CVE-2022-30790 and
     CVE-2022-30552.
     - Fix a buffer overflow (closes: #1014470).
   * d/patches/CVE-2022-30767.patch: Add patch to fix CVE-2022-30767.
     - Fix an unbounded memcpy with a failed length check, leading to a
       buffer overflow. This issue exists due to an incorrect fix for
       CVE-2019-14196 (closes: #1014471).
   * d/patches/CVE-2022-2347.patch: Add patch to fix CVE-2022-2347.
     - Fix an unchecked length field leading to a heap overflow
       (closes: #1014959).
   * d/patches/CVE-2024-57254.patch: Add patch to fix CVE-2024-57254.
     - Fix an integer overflow in sqfs_inode_size (closes: #1098254).
   * d/patches/CVE-2024-57255.patch: Add patch to fix CVE-2024-57255.
     - Fix an integer overflow in sqfs_resolve_symlink (closes: #1098254).
   * d/patches/CVE-2024-57256.patch: Add patch to fix CVE-2024-57256.
     - Fix an integer overflow in ext4fs_read_symlink (closes: #1098254).
   * d/patches/CVE-2024-57257.patch: Add patch to fix CVE-2024-57257.
     - Fix a stack consumption issue in sqfs_size possible with deep symlink
       nesting (closes: #1098254).
   * d/patches/CVE-2024-57258-1.patch, d/patches/CVE-2024-57258-2.patch,
     d/patches/CVE-2024-57258-3.patch: Add patches to fix CVE-2024-57258.
     - Fix multiple integer overflows (closes: #1098254).
   * d/patches/CVE-2024-57259.patch: Add patch to fix CVE-2024-57259.
     - Fix an off-by-one error resulting in a heap memory corruption in
       sqfs_search_dir (closes: #1098254).
Checksums-Sha1:
 0e21bdcaedcccf6b4e46cb757ea20fdec280609c 3504 u-boot_2021.01+dfsg-5+deb11u1.dsc
 bb849ec021e5ed18516f2f7727965da08de718b9 13829776 u-boot_2021.01+dfsg.orig.tar.xz
 c50e53c0339e3d0016911c11efabcd0f652089a9 56720 u-boot_2021.01+dfsg-5+deb11u1.debian.tar.xz
 16f6e1722cc04bb58ae8ee4bebebb9bb72f063c0 11016 u-boot_2021.01+dfsg-5+deb11u1_amd64.buildinfo
Checksums-Sha256:
 ddf8d3781c0c7eb4e1bd1588ed68bbb8caf089ba292bd1782780000b3fa4087f 3504 u-boot_2021.01+dfsg-5+deb11u1.dsc
 2c2f2422b14630e47b9ebf27cff7941da242512f5bac4ad7af101a933282e7a0 13829776 u-boot_2021.01+dfsg.orig.tar.xz
 5a1c2bd73e53d6fe87f6db2fd7c001ffbae348541244209aacfe9482825c5392 56720 u-boot_2021.01+dfsg-5+deb11u1.debian.tar.xz
 8fe8d8fc5bf2cda5f118bf4b548e03f8e6969a6289986d36f5daf71a14f87b92 11016 u-boot_2021.01+dfsg-5+deb11u1_amd64.buildinfo
Files:
 019eacc4c42895ceb724fedf81b7392a 3504 admin optional u-boot_2021.01+dfsg-5+deb11u1.dsc
 8bc543dbd76bdc302970e88938e823c2 13829776 admin optional u-boot_2021.01+dfsg.orig.tar.xz
 d718987c9c70dad50409b3d91a295c58 56720 admin optional u-boot_2021.01+dfsg-5+deb11u1.debian.tar.xz
 29f6a60fd2322a7c17d7732f6a350add 11016 admin optional u-boot_2021.01+dfsg-5+deb11u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEvu1N7VVEpMA+KD3HS80FZ8KW0F0FAmgSt7QACgkQS80FZ8KW
0F2isxAAs7NwzdY5tGpVUwhjel60tur4xhU9FpeCY+fluMnjF+V5hhD3H3olWCHZ
NRixpirzD4InD8eI2vHuxD1kLP1yd+Y05VcEMEoNdB1kLC0DShV331IxnO/hePPF
C5MhZJ91utzixJkWHa7YVZNg3flCvx3Fm+akhyND19Bt3mM6vH0Au2hKWYLFBSqt
H+8K/K8aJTfyHtdqsI7wV7WguULEW2MUPufvB7fsTwj84vxFgR38rq+sxntYQQYY
gqd/P4MUTSLXHBKD6t8JEMLFhdUymm+0v+D5MvlR86pxwcKXdCQNhv/Fhjv/VkSb
G2HY7g1p9KOTk3RrviQyhIXOuZI+IQoP33aqJT5Sd1LGlnVMd0arOikmUvMgrs1g
hs4f9K2w6FnwPXevJoejtGXJv4ifZcAjAiDzMO6XiiJLc1VaJzqMCs070P4OIBMM
cYaqXPMqYmrsdNXGylSUO9bwAdQE5Pnq9yJ5DjuqlWRXLU+bd/MwT5kWUbxixWnD
lrYdXsul01jKmpCe+ouTTDRpz5RzVu07zuFGXqxXhnOMcQDn4bmVb1vdfuAqAY2H
ZUHVd/KibqfPphB0llFgUeDUpZekyukWfyHl2j1lCQC7s+yzFiX+oBGIOOQeYcf6
sNQxFMYp068WsgcA3VndhSbq91Sv3PhRqpxZ0jnkZo0TeWCG0lg=
=Y2eT
-----END PGP SIGNATURE-----
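The practical use of a signed .changes file like the one above is to check that the artefacts you downloaded are the ones the uploader signed. The following Python is an added example written for this page; it is not Debian's tooling (dscverify, dpkg-source) and not part of the u-boot package. It parses the Checksums-Sha256, Checksums-Sha1 and Files stanzas in the layout shown above, cross-checks that the three stanzas list the same files, and compares each file's size and digests against a directory on disk. The function names, the clearsign stripping helper and the toy upload built in `constructed_demo()` are all constructed for the demonstration. It deliberately does not check the PGP signature: run `gpg --verify` on the .changes first, because the digests are only trustworthy because they sit inside the signed text.

```python
"""Check the checksum stanzas of a Debian .changes file against files on disk.

Added example for this page, not Debian tooling (dscverify, dpkg-source) and
not part of the u-boot package. It assumes the stanza layout of the signed
message above: "<digest> <size> <name>" lines under Checksums-Sha256 and
Checksums-Sha1, "<md5> <size> <section> <priority> <name>" lines under Files.
It does not verify the PGP signature; run `gpg --verify` on the .changes first.
"""
import hashlib
import tempfile
from pathlib import Path

# Stanza name -> (hashlib algorithm, index of the filename token on a line).
_STANZAS = {
    "Checksums-Sha256": ("sha256", 2),
    "Checksums-Sha1": ("sha1", 2),
    "Files": ("md5", 4),
}

def strip_clearsign(text):
    """Return the signed body of a cleartext-signed message (RFC 4880 s.7),
    or the text unchanged if it is not clearsigned."""
    lines = text.split("\n")
    if lines[0] != "-----BEGIN PGP SIGNED MESSAGE-----":
        return text
    start = lines.index("", 1) + 1  # skip armor headers such as "Hash: SHA512"
    end = lines.index("-----BEGIN PGP SIGNATURE-----", start)
    # Undo dash-escaping of body lines that began with "-".
    return "\n".join(ln[2:] if ln.startswith("- ") else ln for ln in lines[start:end])

def parse_changes(text):
    """Parse the three checksum stanzas into {stanza: {name: (digest, size)}}."""
    out = {field: {} for field in _STANZAS}
    current = None
    for line in strip_clearsign(text).split("\n"):
        if line[:1] in (" ", "\t"):  # continuation line of the current field
            if current in _STANZAS:
                parts = line.split()
                name_idx = _STANZAS[current][1]
                if len(parts) <= name_idx:
                    raise ValueError(f"malformed {current} entry: {line!r}")
                out[current][parts[name_idx]] = (parts[0].lower(), int(parts[1]))
            continue
        current = line.split(":", 1)[0] if ":" in line else None
    return out

def verify_files(changes_text, directory):
    """Return a list of problems; empty means every listed file exists, has the
    listed size, matches all three digests, and the stanzas agree on the set."""
    directory = Path(directory)
    parsed = parse_changes(changes_text)
    problems = []
    names = set(parsed["Checksums-Sha256"])
    for field in ("Checksums-Sha1", "Files"):
        if set(parsed[field]) != names:
            problems.append(f"{field} lists different files than Checksums-Sha256")
    for name in sorted(names):
        path = directory / name
        if not path.is_file():
            problems.append(f"{name}: missing")
            continue
        data = path.read_bytes()
        for field, (algo, _) in _STANZAS.items():
            if name not in parsed[field]:
                continue
            digest, size = parsed[field][name]
            if len(data) != size:
                problems.append(f"{name}: size {len(data)} != {size} in {field}")
            if hashlib.new(algo, data).hexdigest() != digest:
                problems.append(f"{name}: {algo} mismatch ({field})")
    return problems

def constructed_demo():
    """Run the checker on a toy upload built here (constructed data, not the
    u-boot artefacts), first intact, then with one byte of the tarball flipped."""
    tmp = Path(tempfile.mkdtemp())
    files = {
        "demo_1.0-1.dsc": b"Format: 3.0 (quilt)\nSource: demo\n",
        "demo_1.0.orig.tar.xz": bytes(range(256)) * 4,
    }
    for name, data in files.items():
        (tmp / name).write_bytes(data)

    def stanza(field, fmt):
        algo = _STANZAS[field][0]
        return "\n".join([f"{field}:"] + [
            fmt.format(hashlib.new(algo, data).hexdigest(), len(data), name)
            for name, data in files.items()])

    changes = "\n".join([
        "Format: 1.8", "Source: demo", "Architecture: source",
        stanza("Checksums-Sha1", " {} {} {}"),
        stanza("Checksums-Sha256", " {} {} {}"),
        stanza("Files", " {} {} admin optional {}"),
    ]) + "\n"
    intact = verify_files(changes, tmp)
    tampered = bytearray(files["demo_1.0.orig.tar.xz"])
    tampered[0] ^= 0xFF  # same size as before, so only the digests catch it
    (tmp / "demo_1.0.orig.tar.xz").write_bytes(bytes(tampered))
    return intact, verify_files(changes, tmp)
```

On a real download, `verify_files(Path("u-boot_2021.01+dfsg-5+deb11u1_amd64.changes").read_text(), ".")` returns an empty list only if every file in the stanzas above is present with the listed size and all three digests; `constructed_demo()` shows the same checker passing on an intact toy upload and reporting three digest mismatches when a single byte of the tarball is flipped without changing its length, which is why the size column alone is not a sufficient check.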