Debian Package Tracker

general

source: edk2 (main)
version: 2020.11-2
maintainer: Debian QEMU Team (archive) (DMD)
uploaders: Serge Hallyn [DMD] – Steve Langasek [DMD] – dann frazier [DMD]
arch: all
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0~20131112.2590861a-3
oldstable: 0~20161202.7bbe0b3e-1+deb9u1
stable: 0~20181115.85588389-3+deb10u2
stable-bpo: 2020.05-3~bpo+1
stable-p-u: 0~20181115.85588389-3+deb10u3
testing: 2020.11-2
unstable: 2020.11-2

versioned links

0~20131112.2590861a-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0~20161202.7bbe0b3e-1+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0~20181115.85588389-3+deb10u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0~20181115.85588389-3+deb10u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2020.05-3~bpo+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2020.11-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

ovmf
ovmf-ia32
qemu-efi
qemu-efi-aarch64
qemu-efi-arm

action needed

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2019-14560:

Please fix it.

Created: 2020-07-17 Last update: 2020-12-18 07:00

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2019-14560:

Please fix it.

Created: 2020-07-17 Last update: 2020-12-18 07:00

lintian reports 4 warnings high

Lintian reports 4 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-07-29 Last update: 2020-08-22 06:03

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2020-08-10 Last update: 2021-01-23 23:32

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 2020.11-3, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit f36bdf0ac4ffeb1e5682db17d7998992d47ca41e
Author: dann frazier <dannf@debian.org>
Date:   Fri Jan 8 09:55:37 2021 -0700

    autopkgtest: Update copyright years

commit 4c201d389636d5cc6d69fe1b9c43882a882d2d42
Author: dann frazier <dannf@debian.org>
Date:   Thu Jan 7 08:49:52 2021 -0700

    autopkgtest: Add tests to validate secureboot.

commit 99dab9f45bd59019d1f25a6752eba53134ecb9fc
Author: dann frazier <dannf@debian.org>
Date:   Wed Jan 6 19:19:33 2021 -0700

    autopkgtest: Require guest shutdown to complete.

commit 2a093e0427e3f1f2d6c3bc84ad55b76e1d471c37
Author: dann frazier <dannf@debian.org>
Date:   Wed Jan 6 19:17:05 2021 -0700

    autopkgtest: Add missing carriage return to 'reset -s' command
    
    It is intended to shutdown the guest, but wasn't actually being issued.

commit c7b44788c1ee2328490dccd63c8a76c341cca58f
Author: dann frazier <dannf@debian.org>
Date:   Wed Jan 6 19:02:07 2021 -0700

    autopkgtest: Drop 'atexit' usage
    
    Avoid needing to use 'atexit' callbacks to cleanup uefi variable flash
    images by implementing a PflashParams object that cleans itself up when
    deleted.

commit e3ff0c0c99e0be7d1574cb628a0f69fe3dcf93d7
Author: dann frazier <dannf@debian.org>
Date:   Tue Dec 29 11:34:52 2020 -0700

    tests/shell.py: Drop unused argparse import

Created: 2021-01-08 Last update: 2021-01-22 06:34

Multiarch hinter reports 1 issue(s) low

There are issues with the multiarch metadata for this package.

qemu-efi could be marked Multi-Arch: foreign

Created: 2018-03-15 Last update: 2021-01-24 05:06

12 ignored security issues in stretch low

There are 12 open security issues in stretch.

12 issues skipped by the security teams:

CVE-2018-12183: Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
CVE-2019-0160: Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
CVE-2019-0161: Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access.
CVE-2019-14558: Insufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable denial of service via adjacent access.
CVE-2019-14559: Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.
CVE-2019-14560:
CVE-2019-14562: Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access.
CVE-2019-14563: Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-14575: Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-14584:
CVE-2019-14586: Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.
CVE-2019-14587: Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Please fix them.

Created: 2019-02-28 Last update: 2020-12-18 07:00

2 ignored security issues in buster low

There are 2 open security issues in buster.

2 issues skipped by the security teams:

CVE-2019-14560:
CVE-2019-14584:

Please fix them.

Created: 2020-07-17 Last update: 2020-12-18 07:00

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.1 instead of 4.5.0).

Created: 2020-11-17 Last update: 2020-12-15 22:11

news

[rss feed]

[2021-01-23] Accepted edk2 0~20181115.85588389-3+deb10u3 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: dann frazier)
[2020-12-18] edk2 2020.11-2 MIGRATED to testing (Debian testing watch)
[2020-12-15] Accepted edk2 2020.11-2 (source) into unstable (dann frazier)
[2020-12-14] Accepted edk2 2020.11-1 (source all) into unstable, unstable (Debian FTP Masters) (signed by: dann frazier)
[2020-10-16] Accepted edk2 0~20181115.85588389-3+deb10u2 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: dann frazier)
[2020-10-01] edk2 2020.08-1 MIGRATED to testing (Debian testing watch)
[2020-09-28] Accepted edk2 2020.08-1 (source) into unstable (dann frazier)
[2020-09-10] edk2 2020.05-5 MIGRATED to testing (Debian testing watch)
[2020-09-07] Accepted edk2 2020.05-5 (source) into unstable (dann frazier)
[2020-09-05] edk2 2020.05-4 MIGRATED to testing (Debian testing watch)
[2020-09-02] Accepted edk2 2020.05-4 (source) into unstable (dann frazier)
[2020-08-30] Accepted edk2 2020.05-3~bpo+1 (source) into buster-backports (Aurelien Jarno)
[2020-08-10] edk2 2020.05-3 MIGRATED to testing (Debian testing watch)
[2020-08-06] Accepted edk2 2020.05-3 (source) into unstable (dann frazier)
[2020-06-14] edk2 2020.05-2 MIGRATED to testing (Debian testing watch)
[2020-06-11] Accepted edk2 2020.05-2 (source) into unstable (dann frazier)
[2020-06-06] edk2 2020.05-1 MIGRATED to testing (Debian testing watch)
[2020-06-03] Accepted edk2 2020.05-1 (source) into unstable (dann frazier)
[2020-04-25] Accepted edk2 0~20181115.85588389-3+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: dann frazier)
[2020-04-22] Accepted edk2 0.0~20200229-2~bpo10+1 (source all) into buster-backports, buster-backports (Debian FTP Masters) (signed by: Aurelien Jarno)
[2020-04-14] edk2 0.0~20200229-2 MIGRATED to testing (Debian testing watch)
[2020-04-11] Accepted edk2 0.0~20200229-2 (source) into unstable (dann frazier)
[2020-04-03] edk2 0.0~20200229-1 MIGRATED to testing (Debian testing watch)
[2020-03-31] Accepted edk2 0.0~20200229-1 (source) into unstable (dann frazier)
[2020-03-16] edk2 0~20200229.4c0f6e34-1 MIGRATED to testing (Debian testing watch)
[2020-03-14] Accepted edk2 0~20200229.4c0f6e34-1 (source) into unstable (dann frazier)
[2020-03-01] edk2 0~20191122.bd85bf54-2 MIGRATED to testing (Debian testing watch)
[2020-02-27] Accepted edk2 0~20191122.bd85bf54-2 (source) into unstable (dann frazier)
[2019-12-11] edk2 0~20191122.bd85bf54-1 MIGRATED to testing (Debian testing watch)
[2019-12-08] Accepted edk2 0~20191122.bd85bf54-1 (source) into unstable (dann frazier)

bugs [bug history graph]

all: 6
RC: 0
I&N: 1
M&W: 5
F&P: 0
patch: 0

links

homepage
lintian (0, 4)
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2020.11-2
7 bugs