[Git][security-tracker-team/security-tracker][master] grub2 fixed in sid

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5b57fa53 by Moritz Muehlenhoff at 2026-02-09T14:41:44+01:00
grub2 fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -32678,25 +32678,25 @@ CVE-2025-63225 (The Eurolab ELTS100_UBX device (firmware version ELTS100v1.UBX)
 CVE-2025-61713 (A Cleartext Storage of Sensitive Information in Memory vulnerability [ ...)
 	NOT-FOR-US: Fortinet
 CVE-2025-61664 (A vulnerability in the GRUB2 bootloader has been identified in the nor ...)
-	- grub2 <unfixed> (bug #1120968)
+	- grub2 2.14-1 (bug #1120968)
 	[trixie] - grub2 <no-dsa> (Minor issue)
 	[bookworm] - grub2 <no-dsa> (Minor issue)
-	NOTE: https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=05d3698b8b03eccc49e53491bbd75dba15f40917
+	NOTE: https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=05d3698b8b03eccc49e53491bbd75dba15f40917 (grub-2.14)
 CVE-2025-61663 (A vulnerability has been identified in the GRUB2 bootloader's normal c ...)
-	- grub2 <unfixed> (bug #1120968)
+	- grub2 2.14-1 (bug #1120968)
 	[trixie] - grub2 <no-dsa> (Minor issue)
 	[bookworm] - grub2 <no-dsa> (Minor issue)
-	NOTE: https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=05d3698b8b03eccc49e53491bbd75dba15f40917
+	NOTE: https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=05d3698b8b03eccc49e53491bbd75dba15f40917 (grub-2.14)
 CVE-2025-61662 (A Use-After-Free vulnerability has been discovered in GRUB's gettext m ...)
-	- grub2 <unfixed> (bug #1120968)
+	- grub2 2.14-1 (bug #1120968)
 	[trixie] - grub2 <no-dsa> (Minor issue)
 	[bookworm] - grub2 <no-dsa> (Minor issue)
-	NOTE: https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=8ed78fd9f0852ab218cc1f991c38e5a229e43807
+	NOTE: https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=8ed78fd9f0852ab218cc1f991c38e5a229e43807 (grub-2.14)
 CVE-2025-61661 (A vulnerability has been identified in the GRUB (Grand Unified Bootloa ...)
-	- grub2 <unfixed> (bug #1120968)
+	- grub2 2.14-1 (bug #1120968)
 	[trixie] - grub2 <no-dsa> (Minor issue)
 	[bookworm] - grub2 <no-dsa> (Minor issue)
-	NOTE: https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=549a9cc372fd0b96a4ccdfad0e12140476cc62a3
+	NOTE: https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=549a9cc372fd0b96a4ccdfad0e12140476cc62a3 (grub-2.14)
 CVE-2025-60455 (Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, ...)
 	NOT-FOR-US: Modular Max Serve
 CVE-2025-59669 (A use of hard-coded credentials vulnerability in Fortinet FortiWeb 7.6 ...)
@@ -32748,15 +32748,15 @@ CVE-2025-54971 (An exposure of sensitive information to an unauthorized actor vu
 CVE-2025-54821 (An Improper Privilege Management vulnerability [CWE-269] vulnerability ...)
 	NOT-FOR-US: Fortinet
 CVE-2025-54771 (A use-after-free vulnerability has been identified in the GNU GRUB (Gr ...)
-	- grub2 <unfixed> (bug #1120968)
+	- grub2 2.14-1 (bug #1120968)
 	[trixie] - grub2 <no-dsa> (Minor issue)
 	[bookworm] - grub2 <no-dsa> (Minor issue)
-	NOTE: https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=c4fb4cbc941981894a00ba8e75d634a41967a27f
+	NOTE: https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=c4fb4cbc941981894a00ba8e75d634a41967a27f (grub-2.14)
 CVE-2025-54770 (A vulnerability has been identified in the GRUB2 bootloader's network  ...)
-	- grub2 <unfixed> (bug #1120968)
+	- grub2 2.14-1 (bug #1120968)
 	[trixie] - grub2 <no-dsa> (Minor issue)
 	[bookworm] - grub2 <no-dsa> (Minor issue)
-	NOTE: https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=10e58a14db20e17d1b6a39abe38df01fef98e29d
+	NOTE: https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=10e58a14db20e17d1b6a39abe38df01fef98e29d (grub-2.14)
 CVE-2025-54660 (An active debug code vulnerability in Fortinet FortiClientWindows 7.4. ...)
 	NOT-FOR-US: Fortinet
 CVE-2025-54321 (In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b57fa536094f09758d4bd90035dd1ef66540b70

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b57fa536094f09758d4bd90035dd1ef66540b70
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260209/9f2d9fa1/attachment-0001.htm>