Format: 1.8
Date: Fri, 25 Nov 2022 09:51:54 -0500
Source: u-boot
Binary: u-boot-qemu u-boot-tools
Architecture: all amd64
Version: 2021.01+dfsg-3ubuntu0~20.04.5
Distribution: focal
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@lcy02-amd64-075.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 u-boot-qemu - A boot loader for qemu
 u-boot-tools - companion tools for Das U-Boot bootloader
Changes:
 u-boot (2021.01+dfsg-3ubuntu0~20.04.5) focal-security; urgency=medium
 .
   * SECURITY UPDATE: unchecked length field in DFU implementation
     - debian/patches/CVE-2022-2347-pre1.patch: handle short frame result of
       UPLOAD in state_dfu_idle in drivers/usb/gadget/f_dfu.c.
     - debian/patches/CVE-2022-2347.patch: fix the unchecked length field in
       drivers/usb/gadget/f_dfu.c.
     - CVE-2022-2347
   * SECURITY UPDATE: buffer overflow via invalid packets
     - debian/patches/CVE-2022-30552_30790.patch: check for the minimum IP
       fragmented datagram size in include/net.h, net/net.c.
     - CVE-2022-30552
     - CVE-2022-30790
   * SECURITY UPDATE: incomplete fix for CVE-2019-14196
     - debian/patches/CVE-2022-30767.patch: switch length to unsigned int in
       net/nfs.c.
     - CVE-2022-30767
   * SECURITY UPDATE: out of bounds write via sqfs_readdir()
     - debian/patches/CVE-2022-33103.patch: prevent arbitrary code execution
       in fs/squashfs/sqfs.c, include/fs.h.
     - CVE-2022-33103
   * SECURITY UPDATE: heap buffer overflow in metadata reading
     - debian/patches/CVE-2022-33967.patch: use kcalloc when relevant in
       fs/squashfs/sqfs.c.
     - CVE-2022-33967
   * SECURITY UPDATE: stack overflow in i2c md command
     - debian/patches/CVE-2022-34835.patch: switch to unsigned int in
       cmd/i2c.c.
     - CVE-2022-34835
Checksums-Sha1:
 a20b0b3de3eac1222e053a30cf91e6f59a4dd635 1431824 u-boot-qemu_2021.01+dfsg-3ubuntu0~20.04.5_all.deb
 7a8433b6cee398c79bf5a518a4551e279a2562f0 17312 u-boot-tools-dbgsym_2021.01+dfsg-3ubuntu0~20.04.5_amd64.ddeb
 4b275db8ccc484a13c60a2534853ee1adb190b79 165340 u-boot-tools_2021.01+dfsg-3ubuntu0~20.04.5_amd64.deb
 7c5105a08402958bb05b067ccf18edf4cef539c6 11358 u-boot_2021.01+dfsg-3ubuntu0~20.04.5_amd64.buildinfo
Checksums-Sha256:
 ab27c39c82f09bd0b962a6291b5d801d91f6632429bcb1f00201cae23fa35893 1431824 u-boot-qemu_2021.01+dfsg-3ubuntu0~20.04.5_all.deb
 5e1b47ebe188158d1442b99a02ac562ebdbfc477a3bb9c047a4ac88763d7b637 17312 u-boot-tools-dbgsym_2021.01+dfsg-3ubuntu0~20.04.5_amd64.ddeb
 0cf82b867b4021dd90228cc5caf91d3095edf6a7a8231d514ce65da323c974ce 165340 u-boot-tools_2021.01+dfsg-3ubuntu0~20.04.5_amd64.deb
 4ead73eac74e9cad19c8df53eb84beafca00a71ddeb321c7bfd95999711e5bd4 11358 u-boot_2021.01+dfsg-3ubuntu0~20.04.5_amd64.buildinfo
Files:
 608d2646a9613cd8d0cc90e029e8fdc0 1431824 admin optional u-boot-qemu_2021.01+dfsg-3ubuntu0~20.04.5_all.deb
 12bebda275723187fc1407d5095a0c63 17312 debug optional u-boot-tools-dbgsym_2021.01+dfsg-3ubuntu0~20.04.5_amd64.ddeb
 e9ce2903b8ff672c44f49b4dc713122b 165340 admin optional u-boot-tools_2021.01+dfsg-3ubuntu0~20.04.5_amd64.deb
 a00a2a85db81db87cc40fee375cfc331 11358 admin optional u-boot_2021.01+dfsg-3ubuntu0~20.04.5_amd64.buildinfo
Original-Maintainer: Vagrant Cascadian <vagrant@debian.org>