CVE-2020-8432 (https://nvd.nist.gov/vuln/detail/CVE-2020-8432): In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis.
Alright, it looks like the commit that fixes this was made on 20200121: https://gitlab.denx.de/u-boot/u-boot/-/commit/5749faa3d6837d6dbaf2119fc3ec49a326690c8f Can we stable newest u-boot-tools? CCing Slyfox since he's the author of this revision.
amd64 done
x86 done
arm done all arches done
Please cleanup, thanks!
GLSA request filed.