Bug#1024617: CVE-2022-2601 is still not fixed on buster
Zhang Boyang
zhangboyang.id at gmail.com
Tue Nov 22 09:00:47 GMT 2022
Package: grub2
Tags: security
Hi,
Although there are patches in `debian/patches/cve_2022_2601/`, they are
not used by `debian/patches/series`. So the vulnerability is still not
fixed in buster even its SBAT==3.
Bullseye seems OK. However, it seems debian's SBAT numbers should be
bumped, so bullseye also needs an update.
Best Regards,
Zhang Boyang
More information about the Pkg-grub-devel
mailing list