Your message dated Sun, 23 Mar 2025 18:20:50 +0000
with message-id <e1twpwi-00bn6p...@fasolo.debian.org>
and subject line Bug#1100594: fixed in edk2 2025.02-4
has caused the Debian Bug report #1100594,
regarding edk2: CVE-2025-2295: Remote Memory Exposure in iSCSI DXE
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1100594: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100594
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: edk2
Version: 2025.02-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for edk2.

CVE-2025-2295[0]:
| EDK2 contains a vulnerability in BIOS where a user may cause an
| Integer Overflow or Wraparound by network means. A successful
| exploitation of this vulnerability may lead to denial of service.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-2295
    https://www.cve.org/CVERecord?id=CVE-2025-2295
[1] https://github.com/tianocore/edk2/security/advisories/GHSA-8522-69fh-w74x

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: edk2
Source-Version: 2025.02-4
Done: dann frazier <da...@debian.org>

We believe that the bug you reported is fixed in the latest version of
edk2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1100...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
dann frazier <da...@debian.org> (supplier of updated edk2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 23 Mar 2025 12:05:21 -0600
Source: edk2
Architecture: source
Version: 2025.02-4
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-de...@lists.alioth.debian.org>
Changed-By: dann frazier <da...@debian.org>
Closes: 1100594
Changes:
 edk2 (2025.02-4) unstable; urgency=medium
 .
   * d/tests/shell.py: Add tests to confirm that the built-in shell
     is not available in secboot variants.
   * qemu-efi-aarch64: README.Debian: Correct cut & paste errors that
     reference OVMF images.
   * ovmf: README.Debian: Explain why some images contain a built-in
     shell and others do not.
   * qemu-efi-aarch64: README.Debian: Update to describe the no-secboot
     and secboot images. Warn users that the AAVMF_CODE.fd path is a
     compat symlink that will be removed in the future.
   * Fix remote memory exposure in iSCSI DXE. CVE-2025-2295. (Closes: #1100594)
     - d/p/0001-NetworkPkg-IScsiDxe-Fix-for-Remote-Memory-Exposure-i.patch
   * ovmf, qemu-efi-aarch64: Correct typo in NEWS entry.


-----BEGIN PGP SIGNATURE-----

iIcEARYKAC8WIQQoGlxLiiPDxHQh9i5UW4ZA9GI6WAUCZ+BNkhEcZGFubmZAZGVi
aWFuLm9yZwAKCRBUW4ZA9GI6WCIYAP9gxXRGVsJu1V9UUf0Dc9qoBFRmKD66y01d
T4Jmok7qqAEA2ru/4TVBK4UMrezUb5sdriX7q7Q3ETSkhtNX3Go0QQs=
=IIYD
-----END PGP SIGNATURE-----



--- End Message ---
