In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c
do_rename_gpt_parts() function. Double freeing may result in a
write-what-where condition, allowing an attacker to execute arbitrary code.
NOTE: this vulnerablity was introduced when attempting to fix a memory leak
identified by static analysis.
Alright, it looks like the commit that fixes this was made on 20200121: https://gitlab.denx.de/u-boot/u-boot/-/commit/5749faa3d6837d6dbaf2119fc3ec49a326690c8f
Can we stable newest u-boot-tools? CCing Slyfox since he's the author of this revision.
all arches done
Please cleanup, thanks!
GLSA request filed.