u-boot - Debian Package Tracker

general

source: u-boot (main)
version: 2025.01-3
maintainer: Vagrant Cascadian (DMD)
uploaders: Loïc Minier [DMD] – Clint Adams [DMD]
arch: all
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2019.01+dfsg-7
oldstable: 2021.01+dfsg-5
old-sec: 2021.01+dfsg-5+deb11u1
stable: 2023.01+dfsg-2+deb12u1
testing: 2025.01-3
unstable: 2025.01-3

versioned links

2019.01+dfsg-7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2021.01+dfsg-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2021.01+dfsg-5+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2023.01+dfsg-2+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2025.01-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

u-boot (4 bugs: 1, 1, 2, 0)
u-boot-amlogic-binaries
u-boot-asahi (1 bugs: 0, 0, 1, 0)
u-boot-exynos (4 bugs: 0, 4, 0, 0)
u-boot-exynos-binaries
u-boot-imx (1 bugs: 0, 0, 1, 0)
u-boot-mvebu
u-boot-omap (1 bugs: 0, 1, 0, 0)
u-boot-qcom
u-boot-qemu (3 bugs: 0, 3, 0, 0)
u-boot-rockchip (2 bugs: 0, 1, 1, 0)
u-boot-rpi (3 bugs: 0, 2, 1, 0)
u-boot-sifive
u-boot-sitara-binaries
u-boot-starfive
u-boot-stm32
u-boot-sunxi (11 bugs: 1, 6, 4, 0)
u-boot-tegra
u-boot-tools (4 bugs: 0, 2, 2, 0)

action needed

A new upstream version is available: 2025.07~rc2 high

A new upstream version 2025.07~rc2 is available, you should consider packaging it.

Created: 2024-01-31 Last update: 2025-05-21 17:03

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2024-42040: Buffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from its initial commit in 2002 (3861aa5) up to today on any platform allows an attacker on the local network to leak memory from four up to 32 bytes of memory stored behind the packet to the network depending on the later use of DHCP-provided parameters via crafted DHCP responses.

Created: 2024-09-01 Last update: 2025-05-01 08:00

lintian reports 4 errors and 14 warnings high

Lintian reports 4 errors and 14 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2025-04-10 Last update: 2025-04-10 00:32

3 bugs tagged patch in the BTS normal

The BTS contains patches fixing 3 bugs, consider including or untagging them.

Created: 2025-01-06 Last update: 2025-05-21 18:31

7 low-priority security issues in bookworm low

There are 7 open security issues in bookworm.

7 issues left for the package maintainer to handle:

CVE-2024-42040: (postponed; to be fixed through a stable update) Buffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from its initial commit in 2002 (3861aa5) up to today on any platform allows an attacker on the local network to leak memory from four up to 32 bytes of memory stored behind the packet to the network depending on the later use of DHCP-provided parameters via crafted DHCP responses.
CVE-2024-57254: (needs triaging) An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem.
CVE-2024-57255: (needs triaging) An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.
CVE-2024-57256: (needs triaging) An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.
CVE-2024-57257: (needs triaging) A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting.
CVE-2024-57258: (needs triaging) Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64.
CVE-2024-57259: (needs triaging) sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a size calculation.

You can find information about how to handle these issues in the security team's documentation.

Created: 2024-09-01 Last update: 2025-05-01 08:00

debian/patches: 7 patches to forward upstream low

Among the 7 debian patches available in version 2025.01-3 of the package, we noticed the following issues:

7 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2025-04-09 12:01

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2017-10-26 Last update: 2017-10-26 07:23

news

[rss feed]

[2025-05-01] Accepted u-boot 2021.01+dfsg-5+deb11u1 (source) into oldstable-security (Daniel Leidert)
[2025-04-14] u-boot 2025.01-3 MIGRATED to testing (Debian testing watch)
[2025-04-08] Accepted u-boot 2025.01-3 (source) into unstable (Vagrant Cascadian)
[2025-03-13] u-boot 2025.01-2 MIGRATED to testing (Debian testing watch)
[2025-03-08] Accepted u-boot 2025.01-2 (source) into unstable (Vagrant Cascadian)
[2025-03-07] Accepted u-boot 2025.01-1 (source) into unstable (Vagrant Cascadian)
[2025-01-15] u-boot 2024.01+dfsg-7 MIGRATED to testing (Debian testing watch)
[2025-01-09] Accepted u-boot 2024.01+dfsg-7 (source) into unstable (Vagrant Cascadian)
[2025-01-08] u-boot 2024.01+dfsg-6 MIGRATED to testing (Debian testing watch)
[2025-01-02] Accepted u-boot 2024.01+dfsg-6 (source) into unstable (Vagrant Cascadian)
[2024-05-03] u-boot 2024.01+dfsg-5 MIGRATED to testing (Debian testing watch)
[2024-04-22] Accepted u-boot 2023.01+dfsg-2+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Vagrant Cascadian)
[2024-04-19] Accepted u-boot 2024.01+dfsg-5 (source) into unstable (Vagrant Cascadian)
[2024-04-19] Accepted u-boot 2024.01+dfsg-4 (source all amd64) into experimental (Debian FTP Masters) (signed by: Vagrant Cascadian)
[2024-03-20] Accepted u-boot 2024.01+dfsg-3 (source) into unstable (Vagrant Cascadian)
[2024-03-20] Accepted u-boot 2024.01+dfsg-2 (source) into unstable (Vagrant Cascadian)
[2024-01-16] u-boot 2024.01+dfsg-1 MIGRATED to testing (Debian testing watch)
[2024-01-10] Accepted u-boot 2024.01+dfsg-1 (source) into unstable (Vagrant Cascadian)
[2024-01-07] Accepted u-boot 2024.01~rc6+dfsg-2 (source armel) into experimental (Debian FTP Masters) (signed by: Vagrant Cascadian)
[2024-01-06] Accepted u-boot 2024.01~rc6+dfsg-1 (source) into experimental (Vagrant Cascadian)
[2023-07-16] u-boot 2023.07+dfsg-1 MIGRATED to testing (Debian testing watch)
[2023-07-11] Accepted u-boot 2023.07+dfsg-1 (source) into unstable (Vagrant Cascadian)
[2023-06-29] Accepted u-boot 2023.07~rc5+dfsg-1 (source) into experimental (Vagrant Cascadian)
[2023-06-20] Accepted u-boot 2023.07~rc4+dfsg-1 (source) into experimental (Vagrant Cascadian)
[2023-04-05] Accepted u-boot 2023.04+dfsg-1 (source) into experimental (Vagrant Cascadian)
[2023-03-28] Accepted u-boot 2023.04~rc5+dfsg-1 (source) into experimental (Vagrant Cascadian)
[2023-02-16] Accepted u-boot 2023.04~rc2+dfsg-1 (source) into experimental (Vagrant Cascadian)
[2023-01-23] u-boot 2023.01+dfsg-2 MIGRATED to testing (Debian testing watch)
[2023-01-18] u-boot 2023.01+dfsg-1 MIGRATED to testing (Debian testing watch)
[2023-01-18] Accepted u-boot 2023.01+dfsg-2 (source) into unstable (Vagrant Cascadian)

bugs [bug history graph]

all: 46 47
RC: 2
I&N: 23
M&W: 20 21
F&P: 1
patch: 3

links

homepage
lintian (4, 14)
buildd: logs, checks, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2025.01-3ubuntu1
19 bugs
patches for 2025.01-3ubuntu1