Source: u-boot
Version: 2019.01+dfsg-5
Severity: normal
Tags: security upstream
Forwarded: https://patchwork.ozlabs.org/patch/1092945

Hi Vagrant,

The following vulnerability was published for u-boot. I'm not sure how
relevant the issue is in Debian context, and we marked the issue at
least already no-dsa for stretch.

CVE-2019-11690[0]:
| gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04
| lacks an srand call, which allows attackers to determine UUID values
| in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is
| relied upon for UUID values of a GUID Partition Table of a boot
| device.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-11690
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11690
[1] https://patchwork.ozlabs.org/patch/1092945

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
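
An added illustration of the flaw the CVE text describes, not code from U-Boot or from this report: a PRNG that starts from the same state on every boot yields the same "random" UUID each time. The xorshift generator and the names `toy_srand`, `toy_rand`, `boot_and_gen` and `boots_collide` are hypothetical, and the seed values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy xorshift32 PRNG: an assumption standing in for a bootloader rand(). */
static uint32_t prng_state = 1;   /* same initial state after every reset */
static void toy_srand(uint32_t seed) { prng_state = seed ? seed : 1; }

static uint32_t toy_rand(void)
{
    prng_state ^= prng_state << 13;
    prng_state ^= prng_state >> 17;
    prng_state ^= prng_state << 5;
    return prng_state;
}

/* Fill a 16-byte version-4 UUID from the PRNG. */
static void gen_uuid(uint8_t out[16])
{
    for (int i = 0; i < 4; i++) {
        uint32_t r = toy_rand();
        memcpy(out + 4 * i, &r, 4);
    }
    out[6] = (out[6] & 0x0f) | 0x40;   /* version 4 */
    out[8] = (out[8] & 0x3f) | 0x80;   /* RFC 4122 variant */
}

/* One simulated boot; seeded == 0 reproduces the missing-seed case. */
static void boot_and_gen(int seeded, uint32_t per_boot_value, uint8_t out[16])
{
    prng_state = 1;                    /* reset: PRNG back to its default */
    if (seeded)
        toy_srand(per_boot_value);     /* e.g. a timer or hardware RNG value */
    gen_uuid(out);
}

/* Returns 1 when two simulated boots produce the same UUID. */
static int boots_collide(int seeded, uint32_t v1, uint32_t v2)
{
    uint8_t a[16], b[16];
    boot_and_gen(seeded, v1, a);
    boot_and_gen(seeded, v2, b);
    return memcmp(a, b, 16) == 0;
}

int main(void)
{
    printf("unseeded: %d  seeded: %d\n", boots_collide(0, 1111, 2222), boots_collide(1, 1111, 2222));
    return 0;
}
```

Seeding only helps when the seed differs between boots: passing the same value twice collides again, so the seed source has to vary per boot.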
