Bug#1120393: trixie-pu: package edk2/2025.02-8+deb13u1
Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: edk2@packages.debian.org
Control: affects -1 + src:edk2
User: release.debian.org@packages.debian.org
Usertags: pu
[ Reason ]
3 security fixes. 2 were requested by the security team. The other is
an OpenSSL one (embedded code), which is minor in this context.
[ Impact ]
Addresses minor security fixes.
[ Tests ]
There are no specific tests for these vulnerabilities. There
are autopkgtests for regressions.
[ Risks ]
A regression would likely lead to existing VMs not being able to boot.
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
  * Cherry-pick openssl fix for timing side-channel in ECDSA signature
    computation, CVE-2024-13176.
    - d/p/0001-Fix-timing-side-channel-in-ECDSA-signature-computati.patch
  * Fix out-of-bounds memory access in NetworkPkg/IScsiDxe, CVE-2024-38805.
    - d/p/0001-NetworkPkg-IScsiDxe-Fix-for-out-of-bound-memory-acce.patch
  * Safe handling of IDT register on SMM entry, CVE-2025-3770.
    - d/p/0001-UefiCpuPkg-PiSmmCpuDxeSmm-Safe-handling-of-IDT-regis.patch
[ Other info ]
hi.