Bug#991691: Possible CVE-2014-5461 in grub2

Colin Watson cjwatson at debian.org
Fri Jul 30 12:25:18 BST 2021


Control: tag -1 upstream

On Fri, Jul 30, 2021 at 02:35:58PM +0400, Movses Tovmasyan wrote:
> grub2 uses the obsolete version of minilua
> (single-file port of Lua) which has CVE-2014-5461
> Patch attached below.

The upstream repository for this is
https://git.savannah.gnu.org/cgit/grub-extras.git, and this doesn't seem
to be fixed there.  Could you please send a patch to grub-devel at gnu.org
for review (as a proper textual git patch, not a screenshot of a patch)?
We can then cherry-pick it from there.

I've merged the various bugs that you filed against different versions
and binary packages of the Debian grub2 source package.  We only need
one bug report for this.

Thanks,

-- 
Colin Watson (he/him)                              [cjwatson at debian.org]


