firmware-nonfree - Debian Package Tracker

general

source: firmware-nonfree (non-free-firmware)
version: 20230515-3
maintainer: Debian Kernel Team (archive) (DMD)
uploaders: Steve Langasek [DMD] – Bastian Blank [DMD] – Salvatore Bonaccorso [DMD] – maximilian attems [DMD] – Ben Hutchings [DMD]
arch: all
std-ver: 4.0.1
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 20190114-2
o-o-sec: 20190114+really20220913-0+deb10u2
o-o-bpo: 20210315-3~bpo10+1
oldstable: 20210315-3
old-bpo: 20230210-5~bpo11+1
stable: 20230210-5
testing: 20230515-3
unstable: 20230515-3

versioned links

20190114-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20190114+really20220913-0+deb10u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20210315-3~bpo10+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20210315-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20230210-5~bpo11+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20230210-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20230515-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

firmware-amd-graphics (8 bugs: 0, 8, 0, 0)
firmware-atheros (4 bugs: 0, 4, 0, 0)
firmware-bnx2
firmware-bnx2x (1 bugs: 0, 1, 0, 0)
firmware-brcm80211 (6 bugs: 0, 6, 0, 0)
firmware-cavium
firmware-intel-sound
firmware-ipw2x00
firmware-ivtv
firmware-iwlwifi (16 bugs: 0, 16, 0, 0)
firmware-libertas
firmware-linux (3 bugs: 0, 2, 1, 0)
firmware-linux-nonfree (4 bugs: 0, 1, 3, 0)
firmware-misc-nonfree (13 bugs: 0, 11, 2, 0)
firmware-myricom
firmware-netronome
firmware-netxen (1 bugs: 0, 1, 0, 0)
firmware-qcom-media
firmware-qcom-soc
firmware-qlogic
firmware-realtek (3 bugs: 0, 3, 0, 0)
firmware-samsung
firmware-siano
firmware-ti-connectivity (1 bugs: 0, 1, 0, 0)

action needed

A new upstream version is available: 20230919 high

A new upstream version 20230919 is available, you should consider packaging it.

Created: 2023-06-27 Last update: 2023-10-04 03:34

5 security issues in trixie high

There are 5 open security issues in trixie.

5 important issues:

CVE-2022-27635: Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-36351: Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2022-38076: Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-40964: Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-46329: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.

Created: 2023-08-18 Last update: 2023-10-01 00:08

5 security issues in sid high

There are 5 open security issues in sid.

5 important issues:

CVE-2022-27635: Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-36351: Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2022-38076: Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-40964: Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-46329: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.

Created: 2023-08-18 Last update: 2023-10-01 00:08

4 bugs tagged help in the BTS normal

The BTS contains 4 bugs tagged help, please consider helping the maintainer in dealing with them.

Created: 2019-03-21 Last update: 2023-10-04 04:01

3 bugs tagged patch in the BTS normal

The BTS contains patches fixing 3 bugs (4 if counting merged bugs), consider including or untagging them.

Created: 2023-09-13 Last update: 2023-10-04 04:01

13 low-priority security issues in bullseye low

There are 13 open security issues in bullseye.

13 issues left for the package maintainer to handle:

CVE-2020-24586: (needs triaging) The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.
CVE-2020-24587: (needs triaging) The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.
CVE-2020-24588: (needs triaging) The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.
CVE-2021-23168: (needs triaging) Out of bounds read for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2021-23223: (needs triaging) Improper initialization for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2021-37409: (needs triaging) Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2021-44545: (needs triaging) Improper input validation for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2022-21181: (needs triaging) Improper input validation for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-27635: (needs triaging) Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-36351: (needs triaging) Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2022-38076: (needs triaging) Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-40964: (needs triaging) Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-46329: (needs triaging) Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.

You can find information about how to handle these issues in the security team's documentation.

Created: 2022-07-04 Last update: 2023-10-01 00:08

5 low-priority security issues in bookworm low

There are 5 open security issues in bookworm.

5 issues left for the package maintainer to handle:

CVE-2022-27635: (needs triaging) Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-36351: (needs triaging) Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2022-38076: (needs triaging) Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-40964: (needs triaging) Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-46329: (needs triaging) Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.

You can find information about how to handle these issues in the security team's documentation.

Created: 2023-08-18 Last update: 2023-10-01 00:08

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.2 instead of 4.0.1).

Created: 2023-05-16 Last update: 2023-07-05 00:40

news

[rss feed]

[2023-09-30] Accepted firmware-nonfree 20190114+really20220913-0+deb10u2 (source all) into oldoldstable (Tobias Frost)
[2023-07-17] Accepted firmware-nonfree 20230210-5~bpo11+1 (source) into bullseye-backports (Debian FTP Masters) (signed by: Ben Hutchings)
[2023-07-10] firmware-nonfree 20230515-3 MIGRATED to testing (Debian testing watch)
[2023-07-10] firmware-nonfree 20230515-3 MIGRATED to testing (Debian testing watch)
[2023-07-04] Accepted firmware-nonfree 20230515-3 (source) into unstable (Salvatore Bonaccorso)
[2023-07-02] firmware-nonfree 20230515-2 MIGRATED to testing (Debian testing watch)
[2023-06-27] Accepted firmware-nonfree 20230515-2 (source) into unstable (Salvatore Bonaccorso)
[2023-06-25] Accepted firmware-nonfree 20230515-1 (source) into unstable (Salvatore Bonaccorso)
[2023-06-23] firmware-nonfree 20230404-1 MIGRATED to testing (Debian testing watch)
[2023-06-23] firmware-nonfree 20230404-1 MIGRATED to testing (Debian testing watch)
[2023-06-17] Accepted firmware-nonfree 20230404-1 (source) into unstable (Salvatore Bonaccorso)
[2023-05-12] firmware-nonfree 20230210-5 MIGRATED to testing (Debian testing watch)
[2023-05-02] Accepted firmware-nonfree 20230310-1~exp2 (source) into experimental (Salvatore Bonaccorso)
[2023-05-01] Accepted firmware-nonfree 20230210-5 (source) into unstable (Salvatore Bonaccorso)
[2023-04-22] Accepted firmware-nonfree 20230210-4~bpo11+1 (source) into bullseye-backports (Ben Hutchings)
[2023-04-01] Accepted firmware-nonfree 20230310-1~exp1 (source) into experimental (Salvatore Bonaccorso)
[2023-04-01] Accepted firmware-nonfree 20190114+really20220913-0+deb10u1 (source) into oldstable (Tobias Frost)
[2023-03-17] firmware-nonfree 20230210-4 MIGRATED to testing (Debian testing watch)
[2023-03-11] Accepted firmware-nonfree 20230210-4 (source) into unstable (Salvatore Bonaccorso)
[2023-03-11] Accepted firmware-nonfree 20230210-3 (source) into unstable (Salvatore Bonaccorso)
[2023-03-08] firmware-nonfree 20230210-2 MIGRATED to testing (Debian testing watch)
[2023-02-25] Accepted firmware-nonfree 20230210-2 (source) into unstable (Salvatore Bonaccorso)
[2023-02-22] firmware-nonfree 20230210-1 MIGRATED to testing (Debian testing watch)
[2023-02-11] Accepted firmware-nonfree 20230210-1 (source) into unstable (Salvatore Bonaccorso)
[2023-02-11] firmware-nonfree 20230117-2 MIGRATED to testing (Debian testing watch)
[2023-02-11] firmware-nonfree 20230117-2 MIGRATED to testing (Debian testing watch)
[2023-02-05] Accepted firmware-nonfree 20230117-2 (source) into unstable (Salvatore Bonaccorso)
[2023-01-31] Accepted firmware-nonfree 20230117-1 (source) into unstable (Salvatore Bonaccorso)
[2023-01-31] firmware-nonfree 20221214-5 MIGRATED to testing (Debian testing watch)
[2023-01-28] Accepted firmware-nonfree 20221214-5 (source all) into unstable (Debian FTP Masters) (signed by: Cyril Brulebois)

bugs [bug history graph]

all: 70 75
RC: 0
I&N: 56 58
M&W: 14 17
F&P: 0
patch: 3 4
help: 4

links

buildd: logs
popcon
browse source code
edit tags
other distros
security tracker
debian patches