Information on source package edk2

Available versions

| Release | Version |
|---|---|
| stretch | 0~20161202.7bbe0b3e-1+deb9u1 |
| buster | 0~20181115.85588389-3+deb10u1 |
| bullseye | 2020.05-3 |
| sid | 2020.05-3 |

Open issues

| Bug | stretch | buster | bullseye | sid | Description |
|---|---|---|---|---|---|
| CVE-2019-14587 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | |
| CVE-2019-14586 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | |
| CVE-2019-14575 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | DxeImageVerificationHandler() fails open in case of dbx signature check |
| CVE-2019-14563 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib |
| CVE-2019-14560 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | GetEfiGlobalVariable2() return value not checked |
| CVE-2019-14559 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | memory leak in ArpOnFrameRcvdDpc |
| CVE-2019-14558 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | |
| CVE-2019-0161 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | Stack overflow in XHCI for EDK II may allow an unauthenticated user to ... |
| CVE-2019-0160 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | Buffer overflow in system firmware for EDK II may allow unauthenticate ... |
| CVE-2018-12183 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | Stack overflow in DxeCore for EDK II may allow an unauthenticated user ... |

Open unimportant issues

| Bug | stretch | buster | bullseye | sid | Description |
|---|---|---|---|---|---|
| CVE-2019-14553 | vulnerable | vulnerable | fixed | fixed | invalid server certificate accepted in HTTPS-over-IPv6 boot |
| CVE-2018-12182 | vulnerable | vulnerable | fixed | fixed | Insufficient memory write check in SMM service for EDK II may allow an ... |
| CVE-2018-12179 | vulnerable | vulnerable | fixed | fixed | Improper configuration in system firmware for EDK II may allow unauthe ... |
| CVE-2014-4860 | vulnerable | vulnerable | fixed | fixed | Multiple integer overflows in the Pre-EFI Initialization (PEI) boot ph ... |
| CVE-2014-4859 | vulnerable | vulnerable | fixed | fixed | Integer overflow in the Drive Execution Environment (DXE) phase in the ... |

Resolved issues

| Bug | Description |
|---|---|
| CVE-2018-12181 | Stack overflow in corrupted bmp for EDK II may allow unprivileged user ... |
| CVE-2018-12180 | Buffer overflow in BlockIo service for EDK II may allow an unauthentic ... |
| CVE-2018-12178 | Buffer overflow in network stack for EDK II may allow unprivileged use ... |
