Bug#1024617: CVE-2022-2601 is still not fixed on buster
Steve McIntyre
steve at einval.com
Tue Nov 22 10:21:06 GMT 2022
On Tue, Nov 22, 2022 at 05:00:47PM +0800, Zhang Boyang wrote:
>Package: grub2
>Tags: security
>
>Hi,
>
>Although there are patches in `debian/patches/cve_2022_2601/`, they are not
>used by `debian/patches/series`. So the vulnerability is still not fixed in
>buster even though its SBAT==3.

Aw, crap. :-( Looks like I lost a change when switching between
branches when testing locally.

Thanks for reporting this!

>Bullseye seems OK. However, it seems Debian's SBAT numbers should be bumped,
>so bullseye also needs an update.

ACK, I'll work stuff out.

--
Steve McIntyre, Cambridge, UK. steve at einval.com
Google-bait: https://www.debian.org/CD/free-linux-cd
Debian does NOT ship free CDs. Please do NOT contact the mailing
lists asking us to send them to you.
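
The condition reported in this thread, patch files present under `debian/patches/` but never referenced by `debian/patches/series`, can be checked mechanically. The following is an added example, not part of the original message or of Debian's tooling; the function name `unapplied_patches` is hypothetical, and it assumes a quilt-style series file and treats every other file in the patch directory as a patch.

```shell
#!/bin/sh
# List files below a quilt patch directory that the series file never
# references, i.e. patches shipped in the source tree but not applied.
# Usage: unapplied_patches [PATCH_DIR]     (default: debian/patches)
# Returns 0 if every file is listed, 1 if some are not, 2 if no series file.
unapplied_patches() {
    dir=${1:-debian/patches}
    series="$dir/series"
    if [ ! -f "$series" ]; then
        echo "no series file in $dir" >&2
        return 2
    fi
    {
        # Series entries: one patch path per line, relative to PATCH_DIR,
        # optionally followed by options such as -p1. '#' starts a comment,
        # so a commented-out entry counts as not applied.
        sed -e 's/#.*//' "$series" | awk 'NF { print "L", $1 }'
        # Assumption: every regular file other than series is a patch.
        (cd "$dir" && find . -type f ! -path ./series) |
            sed 's|^\./|P |' | LC_ALL=C sort
    } | awk '
        $1 == "L" { listed[$2] = 1; next }
        {
            path = substr($0, 3)
            if (!(path in listed)) { print path; n++ }
        }
        END { exit (n > 0) }'
}
```

Run from the top of an unpacked source package, a non-zero exit status makes this usable as a pre-upload or CI gate.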