[Git][security-tracker-team/security-tracker][master] 2 commits: Mark 7 CVEs affecting grub2 as ignored for stretch
Utkarsh Gupta
utkarsh at debian.org
Thu Mar 4 08:42:15 GMT 2021
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2dd9ec1d by Utkarsh Gupta at 2021-03-04T14:11:58+05:30
Mark 7 CVEs affecting grub2 as ignored for stretch
- - - - -
77849e46 by Utkarsh Gupta at 2021-03-04T14:11:58+05:30
Drop grub2 from dla-needed; ignored
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -18662,6 +18662,7 @@ CVE-2021-20234 [Memory leak in client induced by malicious server without CURVE/
CVE-2021-20233 (A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() ...)
{DSA-4867-1}
- grub2 2.04-16
+ [stretch] - grub2 <ignored> (No SecureBoot support in stretch)
CVE-2021-20232
RESERVED
CVE-2021-20231
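Review bot: The reason on the added `[stretch]` line, "No SecureBoot support in stretch", does not by itself say why the flaw needs no fix when Secure Boot is absent, and the same string is repeated for all seven grub2 entries. The BootHole precedent behind it is recorded only in the data/dla-needed.txt NOTE lines that this push deletes, so consider adding a NOTE under the entry, or a sentence in the commit message, pointing at how BootHole was handled in stretch.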
@@ -18700,6 +18701,7 @@ CVE-2021-20226 (A use-after-free flaw was found in the io_uring in Linux kernel,
CVE-2021-20225 (A flaw was found in grub2 in versions prior to 2.06. The option parser ...)
{DSA-4867-1}
- grub2 2.04-16
+ [stretch] - grub2 <ignored> (No SecureBoot support in stretch)
CVE-2021-20224
RESERVED
CVE-2021-20223
@@ -29411,6 +29413,7 @@ CVE-2020-27780 (A flaw was found in Linux-Pam in versions prior to 1.5.1 in the
CVE-2020-27779 (A flaw was found in grub2 in versions prior to 2.06. The cutmem comman ...)
{DSA-4867-1}
- grub2 2.04-16
+ [stretch] - grub2 <ignored> (No SecureBoot support in stretch)
CVE-2020-27778 (A flaw was found in Poppler in the way certain PDF files were converte ...)
- poppler 0.85.0-2
[buster] - poppler <postponed> (Minor issue)
@@ -29612,6 +29615,7 @@ CVE-2020-27750 (A flaw was found in ImageMagick in MagickCore/colorspace-private
CVE-2020-27749 (A flaw was found in grub2 in versions prior to 2.06. Variable names pr ...)
{DSA-4867-1}
- grub2 2.04-16
+ [stretch] - grub2 <ignored> (No SecureBoot support in stretch)
CVE-2020-27748 [local file inclusion vulnerability]
RESERVED
- xdg-utils <unfixed> (bug #975370)
@@ -34990,6 +34994,7 @@ CVE-2020-25648 (A flaw was found in the way NSS handled CCS (ChangeCipherSpec) m
CVE-2020-25647 (A flaw was found in grub2 in versions prior to 2.06. During USB device ...)
{DSA-4867-1}
- grub2 2.04-16
+ [stretch] - grub2 <ignored> (No SecureBoot support in stretch)
CVE-2020-25646 (A flaw was found in Ansible Collection community.crypto. openssl_priva ...)
TODO: check
CVE-2020-25645 (A flaw was found in the Linux kernel in versions before 5.9-rc7. Traff ...)
@@ -35048,6 +35053,7 @@ CVE-2020-25633 (A flaw was found in RESTEasy client in all versions of RESTEasy
CVE-2020-25632 (A flaw was found in grub2 in versions prior to 2.06. The rmmod impleme ...)
{DSA-4867-1}
- grub2 2.04-16
+ [stretch] - grub2 <ignored> (No SecureBoot support in stretch)
CVE-2020-25631 (A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 ...)
- moodle <removed>
CVE-2020-25630 (A vulnerability was found in Moodle where the decompressed size of zip ...)
@@ -59610,6 +59616,7 @@ CVE-2020-14373 (A use after free was found in igc_reloc_struct_ptr() of psi/igc.
CVE-2020-14372 (A flaw was found in grub2 in versions prior to 2.06, where it incorrec ...)
{DSA-4867-1}
- grub2 2.04-16
+ [stretch] - grub2 <ignored> (No SecureBoot support in stretch)
CVE-2020-14371
RESERVED
NOT-FOR-US: Red Hat Satellite
=====================================
data/dla-needed.txt
=====================================
@@ -56,11 +56,6 @@ golang-github-appc-cni (Thorsten Alteholz)
golang-gogoprotobuf (Ola Lundqvist)
NOTE: 20210218: If you have any idea why this is called the "skippy peanut butter" issue, I would be mildly interested. (lamby)
--
-grub2
- NOTE: 20210303: Suggestion from Salvatore: Handle this in same way as for BootHole in stretch, there is no Secure Boot
- NOTE: 20210303: that is "[stretch] - grub2 <ignored> (No SecureBoot support in stretch)"
- NOTE: 20210303: asked for further clarification from Salvatore. (utkarsh)
---
gsoap
--
guacamole-server (Anton Gladky)
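Review bot: The last removed NOTE, "asked for further clarification from Salvatore. (utkarsh)", leaves the question open, yet the grub2 entry is dropped the following day with only "Drop grub2 from dla-needed; ignored" as the message. Record the outcome of that clarification in the commit message so the decision to ignore can be audited later without the deleted notes.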
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f9393ac46c0c72c320fd1788620f4e7e8828368e...77849e46951112dd87797b84485b40303e3c1239