CVE-2022-28737

Name: CVE-2022-28737
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| shim (PTS) | stretch | 0.9+1474479173.6c180c6-1 | vulnerable |
| | buster | 15.4-7~deb10u1 | vulnerable |
| | bookworm, sid, bullseye | 15.4-7 | vulnerable |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| shim | source | (unstable) | (unfixed) | | | |

Notes

[bullseye] - shim <no-dsa> (Fix via point update)
[buster] - shim <no-dsa> (Fix via point update)
https://www.openwall.com/lists/oss-security/2022/06/07/5
https://github.com/rhboot/shim/commit/e99bdbb827a50cde019393d3ca1e89397db221a7 (15.6)
https://github.com/rhboot/shim/commit/159151b6649008793d6204a34d7b9c41221fb4b0 (15.6)
