[Git][security-tracker-team/security-tracker][master] Ignore BootHole and friends in stretch

Emilio Pozuelo Monfort pochu at debian.org
Wed Jul 29 18:43:27 BST 2020



Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cbc28b71 by Emilio Pozuelo Monfort at 2020-07-29T19:37:18+02:00
Ignore BootHole and friends in stretch

There's no SecureBoot support in stretch (no signed shim, grub or
kernel) so if an attacker can modify grub.cfg, they may as well
point it to a malicious (unsigned) kernel.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -921,10 +921,12 @@ CVE-2020-15708
 CVE-2020-15707
 	RESERVED
 	- grub2 2.04-9
+	[stretch] - grub2 <ignored> (No SecureBoot support in stretch)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3
 CVE-2020-15706
 	RESERVED
 	- grub2 2.04-9
+	[stretch] - grub2 <ignored> (No SecureBoot support in stretch)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3
 CVE-2020-15705
 	RESERVED
@@ -4417,18 +4419,22 @@ CVE-2020-14312
 CVE-2020-14311
 	RESERVED
 	- grub2 2.04-9
+	[stretch] - grub2 <ignored> (No SecureBoot support in stretch)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3
 CVE-2020-14310
 	RESERVED
 	- grub2 2.04-9
+	[stretch] - grub2 <ignored> (No SecureBoot support in stretch)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3
 CVE-2020-14309
 	RESERVED
 	- grub2 2.04-9
+	[stretch] - grub2 <ignored> (No SecureBoot support in stretch)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3
 CVE-2020-14308
 	RESERVED
 	- grub2 2.04-9
+	[stretch] - grub2 <ignored> (No SecureBoot support in stretch)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3
 CVE-2020-14307 (A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) ver ...)
 	- wildfly <itp> (bug #752018)
@@ -15024,6 +15030,7 @@ CVE-2020-10714
 CVE-2020-10713
 	RESERVED
 	- grub2 2.04-9
+	[stretch] - grub2 <ignored> (No SecureBoot support in stretch)
 	NOTE: https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
 	NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3
 CVE-2020-10712 (A flaw was found in OpenShift Container Platform version 4.1 and later ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbc28b710f35551896bd91a571122c63d15591fa

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbc28b710f35551896bd91a571122c63d15591fa
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200729/1c653881/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list