Debian Fwupd vulnerabilities
2 known vulnerabilities affecting debian/fwupd.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 2
Vulnerabilities
CVE-2022-3287: MEDIUM, CVSS 6.5, fixed in fwupd 1.8.5-1 (bookworm), 2022
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
Scope: local
bookworm: resolved (fixed in 1.8.5-1)
bullseye: resolved
forky: resolved (fixed in 1.8.5-1)
sid: resolved (fixed in 1.8.5-1)
trix
debian
CVE-2020-10759: MEDIUM, CVSS 6.0, fixed in fwupd 1.3.10-1 (bookworm), 2020
A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions of fwupd shipped with Red Hat Enterprise Linux 7 and 8. The highest
debian