Debian Patches

Status for efibootguard/0.13-2+deb12u1~bpo11+1

Each patch is listed with the fields of the status table (Patch, Description, Author, Forwarded, Bugs, Origin, Last update); fields that are empty on the tracker are omitted.

Patch: Do-not-use-ld-fatal-warnings.patch
Description: Do not use ld fatal-warnings
  fatal-warnings are almost guaranteed to break the build when using a more
  recent linker than the upstream developers. Get rid of them so the package
  can be built with some warnings and be maintained sanely in the long run.
Author: Bastian Germann <bage@debian.org>
Forwarded: not-needed
Last update: 2022-07-26

Patch: Prevent-reading-version-from-git.patch
Description: Prevent reading version from git
Author: Bastian Germann <bage@debian.org>
Forwarded: not-needed
Last update: 2021-12-07

Patch: tools-Ensure-that-kernelfile-and-kernelparams-are-nu.patch
Description: [PATCH 4/9] tools: Ensure that kernelfile and kernelparams are null-terminated

  Analogously to read_env(), ensure also when reading an environment from
  a specified file that those statically sized strings are properly
  terminated before accessing them. Prevents potential out-of-bounds read
  accesses in bg_printenv or bg_setenv.

  Addresses CVE-2023-39950
Author: Jan Kiszka <jan.kiszka@siemens.com>
Forwarded: no
Last update: 2023-07-24
Patch: Introduce-validation-of-bgenv-prior-to-its-usage.patch
Description: [PATCH 5/9] Introduce validation of bgenv prior to its usage

  The parsing of user variables assumes sane input so far and can be
  misled to out-of-bounds accesses, including writes. Address this by
  always validating a bgenv after reading it from a partition or a file.
  If an invalid bgenv is found, it is cleared to zero internally so that
  the existing code will always operate against a sane state.

  Include the CRC32 validation in the new helper as well, which also
  ensures that the checksum is tested when operating against a specific
  file.

  Reported by Code Intelligence.

  Addresses CVE-2023-39950
Author: Jan Kiszka <jan.kiszka@siemens.com>
Forwarded: no
Last update: 2023-07-24