[Git][security-tracker-team/security-tracker][master] Add CVE-2025-4382/grub2

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat May 10 10:15:59 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2b830081 by Salvatore Bonaccorso at 2025-05-10T11:14:30+02:00
Add CVE-2025-4382/grub2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -83,7 +83,16 @@ CVE-2025-4434 (The Remote Images Grabber plugin for WordPress is vulnerable to R
 CVE-2025-4403 (The Drag and Drop Multiple File Upload for WooCommerce plugin for Word ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-4382 (A flaw was found in systems utilizing LUKS-encrypted disks with GRUB c ...)
-	TODO: check
+	- grub2 <unfixed>
+	NOTE: Fixed by: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=c448f511e74cb7c776b314fcb7943f98d3f22b6d
+	NOTE: Additional hardening via:
+	NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=ed691c0e0e20d9d0e8d8305a120e8c61d6be3d38
+	NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=7a584fbde0c339816a57d55fc165a854039cf0b2
+	NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=10d778c4b4d56cc36836d86a9698bc5272b12101
+	NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=23ec4535f40dc53f68d2709f8fb44af571431ca7
+	NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=301b4ef25a8fafaeba48498e97efd28bd2809f97
+	NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=dbc0eb5bd1f40de9b394e3a86e84f46c39a23e40
+	NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=73d1c959ea3417e9309ba8c6102d7d6dc7c94259
 CVE-2025-4377 (Improper Limitation of a Pathname caused a Path Traversal vulnerabilit ...)
 	NOT-FOR-US: Sparx Systems Pro Cloud Server
 CVE-2025-4376 (Improper Input Validation vulnerability in Sparx Systems Pro Cloud Ser ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b83008107ac6104d5e424c9c1d887561d169e17

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b83008107ac6104d5e424c9c1d887561d169e17
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250510/1158a2f4/attachment.htm>

More information about the debian-security-tracker-commits mailing list