| Release | Version |
|---|---|
| jessie/non-free | 0~20131112.2590861a-3 |
| stretch | 0~20161202.7bbe0b3e-1+deb9u1 |
| buster | 0~20181115.85588389-3 |
| bullseye | 0~20191122.bd85bf54-1 |
| sid | 0~20191122.bd85bf54-1 |
| Bug | jessie | stretch | buster | bullseye | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2019-0161 | vulnerable | vulnerable (no DSA) | fixed | fixed | fixed | Stack overflow in XHCI for EDK II may allow an unauthenticated user to ... |
| CVE-2019-0160 | vulnerable | vulnerable (no DSA) | fixed | fixed | fixed | Buffer overflow in system firmware for EDK II may allow unauthenticate ... |
| CVE-2018-12183 | vulnerable | vulnerable (no DSA) | fixed | fixed | fixed | Stack overflow in DxeCore for EDK II may allow an unauthenticated user ... |
| CVE-2018-12181 | vulnerable | fixed | fixed | fixed | fixed | Stack overflow in corrupted bmp for EDK II may allow unprivileged user ... |
| CVE-2018-12180 | vulnerable | fixed | fixed | fixed | fixed | Buffer overflow in BlockIo service for EDK II may allow an unauthentic ... |
| CVE-2018-12178 | vulnerable | fixed | fixed | fixed | fixed | Buffer overflow in network stack for EDK II may allow unprivileged use ... |
| Bug | jessie | stretch | buster | bullseye | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2019-14553 | vulnerable | vulnerable | vulnerable | fixed | fixed | invalid server certificate accepted in HTTPS-over-IPv6 boot |
| CVE-2018-12182 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Insufficient memory write check in SMM service for EDK II may allow an ... |
| CVE-2018-12179 | vulnerable | vulnerable | vulnerable | fixed | fixed | Improper configuration in system firmware for EDK II may allow unauthe ... |
| CVE-2014-4860 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | |
| CVE-2014-4859 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable |