Security vulnerabilities report to Das-U-Boot
Miquel Raynal
miquel.raynal at bootlin.com
Wed Feb 12 19:24:18 AEDT 2025
Hello Tom,
On 11/02/2025 at 15:29:09 -06, Tom Rini <trini at konsulko.com> wrote:
> On Tue, Feb 11, 2025 at 08:26:37AM -0800, Jonathan Bar Or wrote:
>> Hi Tom and the rest of the team,
>>
>> Please let me know about fix time, whether this is acknowledged and
>> whether you're going to request CVE IDs for those or if I should do
>> it.
>> The reason is that I found similar issues in other bootloaders, so I'm
>> trying to synchronize all of them. For what it's worth, Barebox has
>> similar issues and are currently fixing.
>
> Yes, these seem valid. We don't have a CVE requesting authority so if
> you want them, go ahead and request them. You saw Gao Xiang's response
> for erofs, and I'm hoping one of the squashfs maintainers will chime
> in.
Either João or me, we will have a look.
Thanks,
Miquèl
More information about the Linux-erofs
mailing list