Debian Patches
Status for swupdate/2022.12+dfsg-4+deb12u2
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| CVE-2026-28525.diff | mongoose: Integer Underflow in Multipart Upload Parser The function mg_http_multipart_continue_wait_for_chunk() has a discrepancy between its guard condition and a subsequent subtraction in the else branch. The guard at line 250 checks `(int) io->len < mp_stream->boundary.len + 6`, allowing execution to continue when io->len >= boundary.len + 6. However, when mg_strstr() finds the boundary string in the buffer (else branch at line 264), data_len is computed as `io->len - (mp_stream->boundary.len + 8)`. The +6 vs +8 mismatch means that when io->len is in the range [boundary.len + 6, boundary.len + 7], the subtraction underflows the size_t variable to SIZE_MAX or SIZE_MAX - 1. This will fix CVE-2026-28525. Description of issue copied from vulnerability report - many thanks to Kazuma for his analyses. Reported by: Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc." |
Stefano Babic <stefano.babic@swupdate.org> | no | upstream, beee2dc0feef1cfe84f1aa6fc980e104b2e47a74 | 2026-03-19 | |
| Link-config-to-swupdate-www-path.diff | example: Link config to swupdate-www path | Bastian Germann <bage@debian.org> | not-needed | 2022-11-28 | ||
| Replace-Font-Awesome-5-with-Fork-Awesome.diff | Replace Font Awesome 5 with Fork Awesome | Bastian Germann <bage@debian.org> | not-needed | 2022-11-25 | ||
| use-gcc-compiler.diff | Use gcc compiler Use explicit gcc to enable cross compiling. crossprefix-cc will not be available generally on Debian. |
Bastian Germann <bastiangermann@fishpost.de> | no | 2020-05-28 |
All known versions for source package 'swupdate'
- 2025.12+dfsg-10 (sid)
- 2025.12+dfsg-8 (forky)
- 2025.12+dfsg-7~bpo13+1 (trixie-backports)
- 2024.12.1+dfsg-3+deb13u2 (trixie)
- 2024.12.1+dfsg-3~bpo12+1 (bookworm-backports)
- 2022.12+dfsg-4+deb12u2 (bookworm)