openSUSE has issued an advisory on October 1: https://lists.opensuse.org/opensuse-updates/2019-10/msg00004.html Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
Assigning to registered - also most recent - maintainer, Olivier.
Assignee: bugsquad => mageia
There are 4 CVE related to this: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13103 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13104 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13105 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13106 The fixes were applied to the denx u-boot master branch in July 2019.
CC: (none) => rihoward1
Thanks.
Summary: u-boot new security issues CVE-2019-13104 and CVE-2019-13106 => u-boot new security issues CVE-2019-1310[3-6]
u-boot-tools-20180507-4.mga8.src.rpm in Cauldron.
Source RPM: u-boot-20180507-3.mga7.src.rpm => u-boot-tools-20180507-3.mga7.src.rpmCC: (none) => ouaurelien
Source RPM: u-boot-tools-20180507-3.mga7.src.rpm => u-boot-20180507-3.mga7.src.rpm
No, it's u-boot, not u-boot-tools.
U-Boot 2020.10 is released upstream.
CVE-2019-13103 : Fixed in cauldron https://gitlab.denx.de/u-boot/u-boot/commit /232e2f4fd9a24bf08215ddc8c53ccadffc841fb5 CVE-2019-13104 : Fixed in cauldron https://gitlab.denx.de/u-boot/u-boot/commit/878269dbe74229005dd7f27aca66c554e31dad8e CVE-2019-13105 : Fixed in cauldron https://gitlab.denx.de/u-boot/u-boot/commit/6e5a79de658cb1c8012c86e0837379aa6eabd024 CVE-2019-13106 : Fixed in cauldron https://gitlab.denx.de/u-boot/u-boot/commit/e205896c5383c938274262524adceb2775fb03ba
Whiteboard: MGA7TOO => (none)Version: Cauldron => 7CC: (none) => mageia
Status comment: (none) => Patches available from upstream
https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/
Resolution: (none) => OLDStatus: NEW => RESOLVED