u-boot - Debian Package Tracker

general

source: u-boot (main)
version: 2021.01+dfsg-5
maintainer: Vagrant Cascadian (DMD)
uploaders: Loïc Minier [DMD] – Clint Adams [DMD]
arch: all
std-ver: 4.5.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 2016.11+dfsg1-4
stable: 2019.01+dfsg-7
testing: 2021.01+dfsg-5
unstable: 2021.01+dfsg-5
exp: 2021.07~rc4+dfsg-1

versioned links

2016.11+dfsg1-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2019.01+dfsg-7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2021.01+dfsg-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2021.07~rc4+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

u-boot (3 bugs: 0, 1, 2, 0)
u-boot-amlogic (1 bugs: 0, 0, 1, 0)
u-boot-exynos (2 bugs: 0, 2, 0, 0)
u-boot-imx
u-boot-mvebu
u-boot-omap (1 bugs: 0, 1, 0, 0)
u-boot-qcom
u-boot-qemu
u-boot-rockchip (1 bugs: 0, 1, 0, 0)
u-boot-rpi (2 bugs: 0, 2, 0, 0)
u-boot-sifive
u-boot-sunxi (13 bugs: 1, 7, 5, 0)
u-boot-tegra
u-boot-tools (5 bugs: 0, 1, 4, 0)

action needed

A new upstream version is available: 2021.07~rc4 high

A new upstream version 2021.07~rc4 is available, you should consider packaging it.

Created: 2021-02-03 Last update: 2021-06-24 11:41

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2021-27097: The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT.
CVE-2021-27138: The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT.

Created: 2021-02-20 Last update: 2021-05-30 04:30

3 bugs tagged patch in the BTS normal

The BTS contains patches fixing 3 bugs, consider including or untagging them.

Created: 2020-10-19 Last update: 2021-06-24 14:33

lintian reports 3 warnings normal

Lintian reports 3 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2021-01-27 Last update: 2021-01-27 03:05

21 low-priority security issues in buster low

There are 21 open security issues in buster.

2 issues left for the package maintainer to handle:

CVE-2021-27097: (needs triaging) The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT.
CVE-2021-27138: (needs triaging) The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT.

You can find information about how to handle these issues in the security team's documentation.

19 ignored issues:

CVE-2019-13103: A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.
CVE-2019-13104: In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem.
CVE-2019-13105: Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem.
CVE-2019-13106: Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution.
CVE-2019-14192: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call.
CVE-2019-14193: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the "if" block after calculating the new path length.
CVE-2019-14194: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case.
CVE-2019-14195: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the "else" block after calculating the new path length.
CVE-2019-14196: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply.
CVE-2019-14197: An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply.
CVE-2019-14198: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case.
CVE-2019-14199: An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call.
CVE-2019-14200: An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply.
CVE-2019-14201: An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply.
CVE-2019-14202: An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply.
CVE-2019-14203: An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply.
CVE-2019-14204: An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply.
CVE-2020-10648: Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration.
CVE-2020-8432: In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis.

Created: 2021-02-19 Last update: 2021-05-30 04:30

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2017-10-26 Last update: 2017-10-26 07:23

testing migrations

This package will soon be part of the auto-openssl transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2021-06-19] Accepted u-boot 2021.07~rc4+dfsg-1 (source) into experimental (Vagrant Cascadian)
[2021-05-30] u-boot 2021.01+dfsg-5 MIGRATED to testing (Debian testing watch)
[2021-05-23] Accepted u-boot 2021.01+dfsg-5 (source) into unstable (Vagrant Cascadian)
[2021-04-02] u-boot 2021.01+dfsg-4 MIGRATED to testing (Debian testing watch)
[2021-03-21] Accepted u-boot 2021.04~rc4+dfsg-1 (source) into experimental (Vagrant Cascadian)
[2021-03-13] Accepted u-boot 2021.04~rc3+dfsg-1 (source) into experimental (Vagrant Cascadian)
[2021-03-12] Accepted u-boot 2021.01+dfsg-4 (source) into unstable (Vagrant Cascadian)
[2021-03-11] u-boot 2021.01+dfsg-3 MIGRATED to testing (Debian testing watch)
[2021-03-01] Accepted u-boot 2021.01+dfsg-3 (source) into unstable (Vagrant Cascadian)
[2021-01-27] u-boot 2021.01+dfsg-2 MIGRATED to testing (Debian testing watch)
[2021-01-22] Accepted u-boot 2021.01+dfsg-2 (source) into unstable (Vagrant Cascadian)
[2021-01-17] Accepted u-boot 2021.01+dfsg-1 (source) into unstable (Vagrant Cascadian)
[2021-01-10] u-boot 2020.10+dfsg-2 MIGRATED to testing (Debian testing watch)
[2021-01-06] Accepted u-boot 2021.01~rc4+dfsg-2 (source) into experimental (Vagrant Cascadian)
[2021-01-05] Accepted u-boot 2021.01~rc4+dfsg-1 (source) into experimental (Vagrant Cascadian)
[2021-01-05] Accepted u-boot 2020.10+dfsg-2 (source) into unstable (Vagrant Cascadian)
[2020-10-11] u-boot 2020.10+dfsg-1 MIGRATED to testing (Debian testing watch)
[2020-10-05] Accepted u-boot 2020.10+dfsg-1 (source) into unstable (Vagrant Cascadian)
[2020-09-22] Accepted u-boot 2020.10~rc5+dfsg-1 (source) into experimental (Vagrant Cascadian) (signed by: Uwe Kleine-König)
[2020-09-03] u-boot 2020.07+dfsg-2 MIGRATED to testing (Debian testing watch)
[2020-08-29] Accepted u-boot 2020.10~rc3+dfsg-1 (source) into experimental (Vagrant Cascadian)
[2020-08-29] Accepted u-boot 2020.07+dfsg-2 (source) into unstable (Vagrant Cascadian)
[2020-07-15] u-boot 2020.07+dfsg-1 MIGRATED to testing (Debian testing watch)
[2020-07-09] Accepted u-boot 2020.07+dfsg-1 (source) into unstable (Vagrant Cascadian)
[2020-06-10] Accepted u-boot 2020.07~rc4+dfsg-1 (source) into experimental (Vagrant Cascadian)
[2020-06-04] Accepted u-boot 2020.07~rc3+dfsg-1 (source) into experimental (Vagrant Cascadian)
[2020-05-19] Accepted u-boot 2020.07~rc2+dfsg-1 (source) into experimental (Vagrant Cascadian)
[2020-04-26] u-boot 2020.04+dfsg-2 MIGRATED to testing (Debian testing watch)
[2020-04-21] Accepted u-boot 2020.04+dfsg-2 (source) into unstable (Vagrant Cascadian)
[2020-04-20] u-boot 2020.04+dfsg-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 38
RC: 1
I&N: 19
M&W: 18
F&P: 0
patch: 3

links

homepage
lintian (0, 3)
buildd: logs, exp, checks, clang, reproducibility
popcon
browse source code
edit tags
other distros
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2021.01+dfsg-4ubuntu2
14 bugs
patches for 2021.01+dfsg-4ubuntu2