Register | Log in

u-boot

Choose email to subscribe with

general

source: u-boot (main)
version: 2020.10+dfsg-2
maintainer: Vagrant Cascadian (DMD)
uploaders: Clint Adams [DMD] – Loïc Minier [DMD]
arch: all
std-ver: 4.5.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2014.10+dfsg1-5
oldstable: 2016.11+dfsg1-4
stable: 2019.01+dfsg-7
testing: 2020.10+dfsg-2
unstable: 2020.10+dfsg-2
exp: 2021.01~rc4+dfsg-2

versioned links

2014.10+dfsg1-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2016.11+dfsg1-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2019.01+dfsg-7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2020.10+dfsg-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2021.01+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

u-boot (4 bugs: 0, 1, 3, 0)
u-boot-amlogic (1 bugs: 0, 0, 1, 0)
u-boot-exynos (2 bugs: 0, 2, 0, 0)
u-boot-imx
u-boot-mvebu
u-boot-omap (1 bugs: 0, 1, 0, 0)
u-boot-qcom
u-boot-qemu
u-boot-rockchip (1 bugs: 0, 1, 0, 0)
u-boot-rpi (2 bugs: 0, 2, 0, 0)
u-boot-sifive
u-boot-sunxi (12 bugs: 1, 7, 4, 0)
u-boot-tegra
u-boot-tools (4 bugs: 0, 1, 3, 0)

action needed

3 bugs tagged patch in the BTS normal

The BTS contains patches fixing 3 bugs, consider including or untagging them.

Created: 2020-10-19 Last update: 2021-01-17 13:02

lintian reports 3 warnings normal

Lintian reports 3 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-09-21 Last update: 2020-09-21 06:04

21 ignored security issues in stretch low

There are 21 open security issues in stretch.

21 issues skipped by the security teams:

CVE-2019-11059: Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow.
CVE-2019-11690: gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device.
CVE-2019-13103: A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.
CVE-2019-13104: In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem.
CVE-2019-13105: Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem.
CVE-2019-13106: Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution.
CVE-2019-14192: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call.
CVE-2019-14193: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the "if" block after calculating the new path length.
CVE-2019-14194: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case.
CVE-2019-14195: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the "else" block after calculating the new path length.
CVE-2019-14196: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply.
CVE-2019-14197: An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply.
CVE-2019-14198: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case.
CVE-2019-14199: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call.
CVE-2019-14200: An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply.
CVE-2019-14201: An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply.
CVE-2019-14202: An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply.
CVE-2019-14203: An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply.
CVE-2019-14204: An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply.
CVE-2020-10648: Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration.
CVE-2020-8432: In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis.

Please fix them.

Created: 2019-05-06 Last update: 2021-01-10 06:30

19 ignored security issues in buster low

There are 19 open security issues in buster.

19 issues skipped by the security teams:

CVE-2019-13103: A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.
CVE-2019-13104: In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem.
CVE-2019-13105: Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem.
CVE-2019-13106: Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution.
CVE-2019-14192: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call.
CVE-2019-14193: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the "if" block after calculating the new path length.
CVE-2019-14194: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case.
CVE-2019-14195: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the "else" block after calculating the new path length.
CVE-2019-14196: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply.
CVE-2019-14197: An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply.
CVE-2019-14198: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case.
CVE-2019-14199: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call.
CVE-2019-14200: An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply.
CVE-2019-14201: An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply.
CVE-2019-14202: An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply.
CVE-2019-14203: An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply.
CVE-2019-14204: An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply.
CVE-2020-10648: Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration.
CVE-2020-8432: In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis.

Please fix them.

Created: 2019-08-01 Last update: 2021-01-10 06:30

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2017-10-26 Last update: 2017-10-26 07:23

testing migrations

This package will soon be part of the auto-openssl transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
excuses:
- Migrates after: arm-trusted-firmware
- Migration status for u-boot (2020.10+dfsg-2 to 2021.01+dfsg-1): Waiting for test results, another package or too young (no action required now - check later)
- Issues preventing migration:
- autopkgtest for diffoscope/164: amd64: Test in progress, arm64: Pass, armhf: Test in progress, i386: Test in progress, ppc64el: Test in progress
- autopkgtest for freedom-maker/0.28: amd64: Test in progress, arm64: Pass, armhf: Test in progress, i386: Test in progress, ppc64el: Test in progress
- autopkgtest for lava/2020.12-1: amd64: Test in progress, arm64: Pass, armhf: Test in progress, i386: Test in progress, ppc64el: Test in progress
- Too young, only 0 of 5 days old
- Build-Depends(-Arch): u-boot arm-trusted-firmware
- Built-Using: u-boot arm-trusted-firmware
- Additional info:
- Piuparts tested OK - https://piuparts.debian.org/sid/source/u/u-boot.html
- Not considered

news

[2021-01-17] Accepted u-boot 2021.01+dfsg-1 (source) into unstable (Vagrant Cascadian)
[2021-01-10] u-boot 2020.10+dfsg-2 MIGRATED to testing (Debian testing watch)
[2021-01-06] Accepted u-boot 2021.01~rc4+dfsg-2 (source) into experimental (Vagrant Cascadian)
[2021-01-05] Accepted u-boot 2021.01~rc4+dfsg-1 (source) into experimental (Vagrant Cascadian)
[2021-01-05] Accepted u-boot 2020.10+dfsg-2 (source) into unstable (Vagrant Cascadian)
[2020-10-11] u-boot 2020.10+dfsg-1 MIGRATED to testing (Debian testing watch)
[2020-10-05] Accepted u-boot 2020.10+dfsg-1 (source) into unstable (Vagrant Cascadian)
[2020-09-22] Accepted u-boot 2020.10~rc5+dfsg-1 (source) into experimental (Vagrant Cascadian) (signed by: Uwe Kleine-König)
[2020-09-03] u-boot 2020.07+dfsg-2 MIGRATED to testing (Debian testing watch)
[2020-08-29] Accepted u-boot 2020.10~rc3+dfsg-1 (source) into experimental (Vagrant Cascadian)
[2020-08-29] Accepted u-boot 2020.07+dfsg-2 (source) into unstable (Vagrant Cascadian)
[2020-07-15] u-boot 2020.07+dfsg-1 MIGRATED to testing (Debian testing watch)
[2020-07-09] Accepted u-boot 2020.07+dfsg-1 (source) into unstable (Vagrant Cascadian)
[2020-06-10] Accepted u-boot 2020.07~rc4+dfsg-1 (source) into experimental (Vagrant Cascadian)
[2020-06-04] Accepted u-boot 2020.07~rc3+dfsg-1 (source) into experimental (Vagrant Cascadian)
[2020-05-19] Accepted u-boot 2020.07~rc2+dfsg-1 (source) into experimental (Vagrant Cascadian)
[2020-04-26] u-boot 2020.04+dfsg-2 MIGRATED to testing (Debian testing watch)
[2020-04-21] Accepted u-boot 2020.04+dfsg-2 (source) into unstable (Vagrant Cascadian)
[2020-04-20] u-boot 2020.04+dfsg-1 MIGRATED to testing (Debian testing watch)
[2020-04-15] Accepted u-boot 2020.04+dfsg-1 (source) into unstable (Vagrant Cascadian)
[2020-04-07] Accepted u-boot 2020.04~rc5+dfsg-1 (source) into experimental (Vagrant Cascadian)
[2020-02-18] u-boot 2020.01+dfsg-2 MIGRATED to testing (Debian testing watch)
[2020-02-13] Accepted u-boot 2020.04~rc2+dfsg-1 (source) into experimental (Vagrant Cascadian)
[2020-02-13] Accepted u-boot 2020.01+dfsg-2 (source) into unstable (Vagrant Cascadian)
[2020-01-13] u-boot 2020.01+dfsg-1 MIGRATED to testing (Debian testing watch)
[2020-01-08] Accepted u-boot 2020.01+dfsg-1 (source) into unstable (Vagrant Cascadian)
[2019-12-18] Accepted u-boot 2020.01~rc5+dfsg-1 (source) into experimental (Vagrant Cascadian)
[2019-10-17] Accepted u-boot 2019.10+dfsg-1 (source) into experimental (Vagrant Cascadian)
[2019-09-24] Accepted u-boot 2019.10~rc4+dfsg-1 (source) into experimental (Vagrant Cascadian)
[2019-07-09] Accepted u-boot 2019.07+dfsg-1 (source) into experimental (Vagrant Cascadian)

1
2

bugs [bug history graph]

all: 35
RC: 1
I&N: 17
M&W: 17
F&P: 0
patch: 3

links

homepage
lintian (0, 3)
buildd: logs, checks, clang, reproducibility
popcon
browse source code
edit tags
other distros
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2020.10+dfsg-1ubuntu6
15 bugs (1 patch)
patches for 2020.10+dfsg-1ubuntu6

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing