Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <>
Subject: Accepted u-boot 2023.01+dfsg-2+deb12u3 (source) into oldstable-security
Date: Tue, 23 Jun 2026 12:11:24 +0000
Signed by: Andreas Henriksson <ah@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 22 Jun 2026 10:38:07 +0200
Source: u-boot
Architecture: source
Version: 2023.01+dfsg-2+deb12u3
Distribution: bookworm-security
Urgency: high
Maintainer: Vagrant Cascadian <vagrant@debian.org>
Changed-By: Andreas Henriksson <andreas@fatal.se>
Closes: 1056750 1081557 1136954
Changes:
 u-boot (2023.01+dfsg-2+deb12u3) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2024-42040: buffer overread vulnerability in the DHCP implementation.
     (Closes: #1081557)
   * CVE-2026-46728: mishandles use of unit addresses in a FIT.
     (Closes: #1136954)
   * Remove avr32 arch support removed in dpkg 1.22.0 (Closes: #1056750)
     - now also leads to dak rejecting uploads even for older suites
Checksums-Sha1:
 86f30ba3dd9cb837c677cd4f6a473b462c0fd6f2 3612 u-boot_2023.01+dfsg-2+deb12u3.dsc
 f4b94556f10cf7ff07807c3b1390ee190ca8028c 15684556 u-boot_2023.01+dfsg.orig.tar.xz
 46e9c22cf21e67c042807c11c3db08ff8628782b 61072 u-boot_2023.01+dfsg-2+deb12u3.debian.tar.xz
 fef7f8a2e5030b90e48a841738c480e485f3bdc1 7580 u-boot_2023.01+dfsg-2+deb12u3_source.buildinfo
Checksums-Sha256:
 baf9a1492456920ff66b00fdd19ce8c588261bc2698b4875c9f5fdcfb1332aae 3612 u-boot_2023.01+dfsg-2+deb12u3.dsc
 e75da6f089d063aaef39a1c17f1631791d87700662624e18de2121fa39a1ed44 15684556 u-boot_2023.01+dfsg.orig.tar.xz
 f9d96a5095d542d8732eccdabcd1d1e7eaaa832311ce395f78b8ead1fad9845e 61072 u-boot_2023.01+dfsg-2+deb12u3.debian.tar.xz
 a2501d09017515b954db6ef97fa759f9f4c92427d95a681bcaee76008faa7f27 7580 u-boot_2023.01+dfsg-2+deb12u3_source.buildinfo
Files:
 0140c302cae98ef622e0796884b3cfa5 3612 admin optional u-boot_2023.01+dfsg-2+deb12u3.dsc
 745c3ae196dd1c8b0128b600cd919741 15684556 admin optional u-boot_2023.01+dfsg.orig.tar.xz
 afb13f36a0329f555f342ef1dd413c3c 61072 admin optional u-boot_2023.01+dfsg-2+deb12u3.debian.tar.xz
 0653b9c80ab2a65b84aa1342cab8c226 7580 admin optional u-boot_2023.01+dfsg-2+deb12u3_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE+uHltkZSvnmOJ4zCC8R9xk0TUwYFAmo49ZwACgkQC8R9xk0T
UwZSyw//VBb84ikd3+gJ9/AbET7NrNRG98BlbN5jWKPS8JSpuI6DfZ+WPVOSfHbF
qSoMOXY3QiZ9Xb/omFjipmmegpAJ+MZ1/vqT+AEflULU8KfiwMAyvr/7evnZ9mdv
3x6DfDWZ4emc+irBNdJZOVRQKHEfxSSVOxBYghptoMjFjQmI8asEZhIQoTVqshpn
fqsu7AAfD0r5u9cyj8GcP13qH8Lzb5SO2KxRcXZ29n9KqGN+oNBwj4xM3++TA/M8
g628TOV6b6h/fLbSH+HYnCKpChZ/2jaWYbaCbrAHS6beHl52JDiSoHwky7ar7+z1
DHGXGvAYWXREtIeImUj9RhTzLS9csmAGIGsBibFJ27GK2++w0dgbf2vsswN2cyrh
ybrSnC4nGunX9ZHs7109KIH3NlIFbOeMEvdO7jd+bvqMOczDwBnFGNwQZ0KuTfUb
7oDZZ2Y9n6n1zJsnwJliUAu8OydkfDIFiW1CrdCOJqdnrSS14a1+qvkYVDBwc9oq
QsszyuJppXhh9UfCrmxWbCL8PfC6VEABmgOfVX8jAkkjt0ZyOQPIaYGzfwTx7KFt
bQsbTdaoD78xBUnmbdNSe+zSpHRxKVYHF4Uq+1aFBluoIyWbUoB/zKyFg6Pp3VZd
c0Ww/kstwJWpVdZ/NwLraiZ2XE9Yrxz4ZjmMIqgRCPPmc7w00QI=
=feoF
-----END PGP SIGNATURE-----
News for package u-boot
