Register | Log in

u-boot

Choose email to subscribe with

general

source: u-boot (main)
version: 2020.01+dfsg-2
maintainer: Vagrant Cascadian (DMD)
uploaders: Loïc Minier [DMD] – Clint Adams [DMD]
arch: all
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2014.10+dfsg1-5
oldstable: 2016.11+dfsg1-4
stable: 2019.01+dfsg-7
testing: 2020.01+dfsg-2
unstable: 2020.01+dfsg-2
exp: 2020.04~rc2+dfsg-1

versioned links

2014.10+dfsg1-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2016.11+dfsg1-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2019.01+dfsg-7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2020.01+dfsg-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2020.04~rc2+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

u-boot (3 bugs: 0, 1, 2, 0)
u-boot-amlogic (1 bugs: 0, 0, 1, 0)
u-boot-exynos (2 bugs: 0, 2, 0, 0)
u-boot-imx (1 bugs: 0, 1, 0, 0)
u-boot-mvebu
u-boot-omap
u-boot-qcom
u-boot-qemu
u-boot-rockchip (1 bugs: 0, 1, 0, 0)
u-boot-rpi
u-boot-sifive
u-boot-sunxi (9 bugs: 0, 7, 2, 0)
u-boot-tegra
u-boot-tools (3 bugs: 0, 1, 2, 0)

action needed

A new upstream version is available: 2020.04~rc2 high

A new upstream version 2020.04~rc2 is available, you should consider packaging it.

Created: 2020-02-01 Last update: 2020-02-17 19:52

18 ignored security issues in buster low

There are 18 open security issues in buster.

18 issues skipped by the security teams:

CVE-2019-14204: An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply.
CVE-2019-14203: An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply.
CVE-2019-14202: An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply.
CVE-2019-14201: An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply.
CVE-2019-14200: An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply.
CVE-2019-13105: Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem.
CVE-2019-13104: In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem.
CVE-2019-14193: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the "if" block after calculating the new path length.
CVE-2019-14192: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call.
CVE-2019-13106: Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution.
CVE-2019-14197: An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply.
CVE-2019-14196: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply.
CVE-2019-14195: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the "else" block after calculating the new path length.
CVE-2019-14194: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case.
CVE-2020-8432: In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis.
CVE-2019-14199: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call.
CVE-2019-14198: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case.
CVE-2019-13103: A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.

Please fix them.

Created: 2019-08-01 Last update: 2020-02-18 04:49

20 ignored security issues in jessie low

There are 20 open security issues in jessie.

20 issues skipped by the security teams:

CVE-2019-14204: An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply.
CVE-2019-14203: An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply.
CVE-2019-14202: An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply.
CVE-2019-14201: An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply.
CVE-2019-14200: An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply.
CVE-2019-13105: Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem.
CVE-2019-13104: In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem.
CVE-2019-14193: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the "if" block after calculating the new path length.
CVE-2019-14192: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call.
CVE-2019-13106: Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution.
CVE-2019-14197: An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply.
CVE-2019-14196: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply.
CVE-2019-14195: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the "else" block after calculating the new path length.
CVE-2019-14194: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case.
CVE-2020-8432: In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis.
CVE-2019-14199: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call.
CVE-2019-14198: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case.
CVE-2019-13103: A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.
CVE-2019-11690: gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device.
CVE-2019-11059: Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow.

Please fix them.

Created: 2019-05-06 Last update: 2020-02-18 04:49

20 ignored security issues in stretch low

There are 20 open security issues in stretch.

20 issues skipped by the security teams:

CVE-2019-14204: An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply.
CVE-2019-14203: An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply.
CVE-2019-14202: An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply.
CVE-2019-14201: An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply.
CVE-2019-14200: An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply.
CVE-2019-13105: Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem.
CVE-2019-13104: In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem.
CVE-2019-14193: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the "if" block after calculating the new path length.
CVE-2019-14192: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call.
CVE-2019-13106: Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution.
CVE-2019-14197: An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply.
CVE-2019-14196: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply.
CVE-2019-14195: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the "else" block after calculating the new path length.
CVE-2019-14194: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case.
CVE-2020-8432: In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis.
CVE-2019-14199: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call.
CVE-2019-14198: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case.
CVE-2019-13103: A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.
CVE-2019-11690: gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device.
CVE-2019-11059: Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow.

Please fix them.

Created: 2019-05-06 Last update: 2020-02-18 04:49

Multiarch hinter reports 1 issue(s) low

There are issues with the multiarch metadata for this package.

u-boot-qemu could be marked Multi-Arch: foreign

Created: 2020-01-08 Last update: 2020-02-18 02:03

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2017-10-26 Last update: 2017-10-26 07:23

news

[2020-02-18] u-boot 2020.01+dfsg-2 MIGRATED to testing (Debian testing watch)
[2020-02-13] Accepted u-boot 2020.04~rc2+dfsg-1 (source) into experimental (Debian FTP Masters) (signed by: Vagrant Cascadian)
[2020-02-13] Accepted u-boot 2020.01+dfsg-2 (source) into unstable (Debian FTP Masters) (signed by: Vagrant Cascadian)
[2020-01-13] u-boot 2020.01+dfsg-1 MIGRATED to testing (Debian testing watch)
[2020-01-08] Accepted u-boot 2020.01+dfsg-1 (source) into unstable (Vagrant Cascadian)
[2019-12-18] Accepted u-boot 2020.01~rc5+dfsg-1 (source) into experimental (Vagrant Cascadian)
[2019-10-17] Accepted u-boot 2019.10+dfsg-1 (source) into experimental (Vagrant Cascadian)
[2019-09-24] Accepted u-boot 2019.10~rc4+dfsg-1 (source) into experimental (Vagrant Cascadian)
[2019-07-09] Accepted u-boot 2019.07+dfsg-1 (source) into experimental (Vagrant Cascadian)
[2019-06-11] Accepted u-boot 2019.07~rc4+dfsg-1 (source) into experimental (Vagrant Cascadian)
[2019-05-19] u-boot 2019.01+dfsg-7 MIGRATED to testing (Debian testing watch)
[2019-05-18] Accepted u-boot 2019.07~rc2+dfsg-1 (source) into experimental (Vagrant Cascadian)
[2019-05-14] Accepted u-boot 2019.01+dfsg-7 (source) into unstable (Vagrant Cascadian)
[2019-05-13] Accepted u-boot 2019.07~rc1+dfsg-4 (source) into experimental (Vagrant Cascadian)
[2019-05-12] Accepted u-boot 2019.07~rc1+dfsg-3 (source all amd64) into experimental, experimental (Vagrant Cascadian)
[2019-05-12] Accepted u-boot 2019.07~rc1+dfsg-2 (source all amd64) into experimental, experimental (Vagrant Cascadian)
[2019-05-12] Accepted u-boot 2019.01+dfsg-6 (source) into unstable (Vagrant Cascadian)
[2019-04-25] u-boot 2019.01+dfsg-5 MIGRATED to testing (Debian testing watch)
[2019-04-20] Accepted u-boot 2019.01+dfsg-5 (source) into unstable (Vagrant Cascadian)
[2019-04-17] Accepted u-boot 2019.04+dfsg-2 (source) into experimental (Vagrant Cascadian)
[2019-04-15] u-boot 2019.01+dfsg-4 MIGRATED to testing (Debian testing watch)
[2019-04-09] Accepted u-boot 2019.04+dfsg-1 (source) into experimental (Vagrant Cascadian)
[2019-04-09] Accepted u-boot 2019.01+dfsg-4 (source) into unstable (Vagrant Cascadian)
[2019-03-11] u-boot 2019.01+dfsg-3 MIGRATED to testing (Debian testing watch)
[2019-03-01] Accepted u-boot 2019.01+dfsg-3 (source) into unstable (Vagrant Cascadian)
[2019-03-01] u-boot 2019.01+dfsg-2 MIGRATED to testing (Debian testing watch)
[2019-02-19] Accepted u-boot 2019.01+dfsg-2 (source) into unstable (Vagrant Cascadian)
[2019-01-20] u-boot 2019.01+dfsg-1 MIGRATED to testing (Debian testing watch)
[2019-01-15] Accepted u-boot 2019.01+dfsg-1 (source) into unstable (Vagrant Cascadian)
[2019-01-09] Accepted u-boot 2019.01~rc3+dfsg-1 (source) into experimental (Vagrant Cascadian)

1
2

bugs [bug history graph]

all: 0

links

homepage
buildd: logs, exp, checks, clang, reproducibility
popcon
browse source code
edit tags
security tracker

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing