firmware-nonfree - Debian Package Tracker

general

source: firmware-nonfree (non-free)
version: 20210818-1
maintainer: Debian Kernel Team (archive) (DMD)
uploaders: maximilian attems [DMD] – Ben Hutchings [DMD] – Steve Langasek [DMD] – Bastian Blank [DMD]
arch: all
std-ver: 4.0.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 20161130-5
o-o-sec: 20190114-2~deb9u1
o-o-bpo: 20190114-2~bpo9+1
oldstable: 20190114-2
old-bpo: 20210315-3~bpo10+1
stable: 20210315-3
testing: 20210818-1
unstable: 20210818-1

versioned links

20161130-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20190114-2~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20190114-2~deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20190114-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20210315-3~bpo10+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20210315-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20210818-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

firmware-amd-graphics
firmware-atheros (5 bugs: 0, 5, 0, 0)
firmware-bnx2
firmware-bnx2x
firmware-brcm80211 (2 bugs: 0, 2, 0, 0)
firmware-cavium
firmware-intel-sound
firmware-intelwimax
firmware-ipw2x00
firmware-ivtv
firmware-iwlwifi (14 bugs: 0, 14, 0, 0)
firmware-libertas
firmware-linux (1 bugs: 0, 0, 1, 0)
firmware-linux-nonfree (5 bugs: 0, 1, 4, 0)
firmware-misc-nonfree (3 bugs: 0, 1, 2, 0)
firmware-myricom
firmware-netronome
firmware-netxen
firmware-qcom-media
firmware-qcom-soc
firmware-qlogic
firmware-realtek (2 bugs: 0, 2, 0, 0)
firmware-samsung
firmware-siano
firmware-ti-connectivity (1 bugs: 0, 1, 0, 0)

action needed

lintian reports 213 errors and 15675 warnings high

Lintian reports 213 errors and 15675 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2021-09-06 Last update: 2021-09-06 18:32

10 security issues in stretch high

There are 10 open security issues in stretch.

3 important issues:

CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.
CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.
CVE-2020-24588: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.

4 issues postponed or untriaged:

CVE-2020-12313: (needs triaging) Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CVE-2020-12317: (needs triaging) Improper buffer restriction in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2020-12319: (needs triaging) Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2020-12321: (needs triaging) Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

3 ignored issues:

CVE-2020-12362: Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access.
CVE-2020-12363: Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.
CVE-2020-12364: Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.

Created: 2021-06-25 Last update: 2021-08-30 06:04

4 security issues in sid high

There are 4 open security issues in sid.

4 important issues:

CVE-2020-12313: Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CVE-2020-12317: Improper buffer restriction in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2020-12319: Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2020-12321: Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

Created: 2021-02-19 Last update: 2021-08-30 06:04

7 security issues in bullseye high

There are 7 open security issues in bullseye.

4 important issues:

CVE-2020-12313: Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CVE-2020-12317: Improper buffer restriction in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2020-12319: Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2020-12321: Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

3 issues left for the package maintainer to handle:

CVE-2020-24586: (needs triaging) The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.
CVE-2020-24587: (needs triaging) The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.
CVE-2020-24588: (needs triaging) The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-02-19 Last update: 2021-08-30 06:04

4 security issues in bookworm high

There are 4 open security issues in bookworm.

4 important issues:

CVE-2020-12313: Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CVE-2020-12317: Improper buffer restriction in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2020-12319: Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2020-12321: Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

Created: 2021-08-15 Last update: 2021-08-30 06:04

4 bugs tagged help in the BTS normal

The BTS contains 4 bugs tagged help, please consider helping the maintainer in dealing with them.

Created: 2019-03-21 Last update: 2021-09-20 15:00

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug (2 if counting merged bugs), consider including or untagging them.

Created: 2021-08-14 Last update: 2021-09-20 15:00

10 low-priority security issues in buster low

There are 10 open security issues in buster.

10 issues left for the package maintainer to handle:

CVE-2020-12313: (needs triaging) Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CVE-2020-12317: (needs triaging) Improper buffer restriction in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2020-12319: (needs triaging) Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2020-12321: (needs triaging) Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CVE-2020-12362: (needs triaging) Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access.
CVE-2020-12363: (needs triaging) Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.
CVE-2020-12364: (needs triaging) Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.
CVE-2020-24586: (needs triaging) The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.
CVE-2020-24587: (needs triaging) The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.
CVE-2020-24588: (needs triaging) The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-02-19 Last update: 2021-08-30 06:04

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.0 instead of 4.0.1).

Created: 2021-03-31 Last update: 2021-08-25 04:29

news

[rss feed]

[2021-08-30] firmware-nonfree 20210818-1 MIGRATED to testing (Debian testing watch)
[2021-08-24] Accepted firmware-nonfree 20210818-1 (source) into unstable (maximilian attems)
[2021-08-20] Accepted firmware-nonfree 20210716-1~exp1 (source) into experimental (maximilian attems)
[2021-08-20] Accepted firmware-nonfree 20210511-1 (source) into unstable (maximilian attems)
[2021-08-18] Accepted firmware-nonfree 20210511-1~exp1 (source) into experimental (maximilian attems)
[2021-08-17] Accepted firmware-nonfree 20210427-1 (source) into unstable (maximilian attems)
[2021-08-16] Accepted firmware-nonfree 20210315-3~bpo10+1 (source) into buster-backports->backports-policy, buster-backports (Debian FTP Masters) (signed by: Roger Shimizu)
[2021-07-28] firmware-nonfree 20210315-3 MIGRATED to testing (Debian testing watch)
[2021-07-25] Accepted firmware-nonfree 20210315-3 (source) into unstable (Ben Hutchings)
[2021-04-16] Accepted firmware-nonfree 20210315-2~bpo10+1 (source) into buster-backports->backports-policy, buster-backports (Debian FTP Masters) (signed by: Roger Shimizu)
[2021-04-08] Accepted firmware-nonfree 20210208-4~bpo10+1 (source) into buster-backports->backports-policy, buster-backports (Debian FTP Masters) (signed by: Roger Shimizu)
[2021-04-07] firmware-nonfree 20210315-2 MIGRATED to testing (Debian testing watch)
[2021-03-27] Accepted firmware-nonfree 20210315-2 (source all) into unstable (maximilian attems)
[2021-03-24] Accepted firmware-nonfree 20210322-1~exp1 (source) into experimental (maximilian attems)
[2021-03-20] Accepted firmware-nonfree 20210315-1 (source all) into unstable (maximilian attems)
[2021-03-19] firmware-nonfree 20210208-4 MIGRATED to testing (Debian testing watch)
[2021-03-16] Accepted firmware-nonfree 20210315-1~exp1 (source all) into experimental (maximilian attems)
[2021-03-13] Accepted firmware-nonfree 20210208-4 (source all) into unstable (maximilian attems)
[2021-03-09] firmware-nonfree 20210208-3 MIGRATED to testing (Debian testing watch)
[2021-02-26] Accepted firmware-nonfree 20210208-3 (source all) into unstable (maximilian attems)
[2021-02-24] Accepted firmware-nonfree 20210208-2 (source all) into unstable (maximilian attems)
[2021-02-09] Accepted firmware-nonfree 20210208-1 (source all) into unstable (maximilian attems)
[2021-01-30] firmware-nonfree 20201218-3 MIGRATED to testing (Debian testing watch)
[2021-01-25] Accepted firmware-nonfree 20201218-3 (source all) into unstable (maximilian attems)
[2021-01-25] firmware-nonfree 20201218-2 MIGRATED to testing (Debian testing watch)
[2021-01-19] Accepted firmware-nonfree 20201218-2 (source all) into unstable (maximilian attems)
[2021-01-19] firmware-nonfree 20201218-1 MIGRATED to testing (Debian testing watch)
[2021-01-14] Accepted firmware-nonfree 20201218-1 (source all) into unstable (maximilian attems)
[2021-01-14] firmware-nonfree 20201118-1 MIGRATED to testing (Debian testing watch)
[2021-01-09] Accepted firmware-nonfree 20201118-1 (source all) into unstable (maximilian attems)

bugs [bug history graph]

all: 45 49
RC: 0
I&N: 29
M&W: 15 18
F&P: 1 2
patch: 1 2
help: 4

links

lintian (213, 15675)
buildd: logs, clang
popcon
browse source code
edit tags
other distros
security tracker