grub2_2.06-3~deb11u6_source.changes ACCEPTED into oldstable-proposed-updates->oldstable-new
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Fri Oct 6 20:05:05 BST 2023
Thank you for your contribution to Debian.
Mapping oldstable-security to oldstable-proposed-updates.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 02 Oct 2023 16:11:34 +0200
Source: grub2
Architecture: source
Version: 2.06-3~deb11u6
Distribution: bullseye-security
Urgency: medium
Maintainer: GRUB Maintainers <pkg-grub-devel at alioth-lists.debian.net>
Changed-By: Julian Andres Klode <jak at debian.org>
Changes:
grub2 (2.06-3~deb11u6) bullseye-security; urgency=medium
.
[ Mate Kukri ]
* SECURITY UPDATE: Crafted file system images can cause out-of-bounds write
and may leak sensitive information into the GRUB pager.
- d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-
label.patch:
fs/ntfs: Fix an OOB read when parsing a volume label
- d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-bs-for-
index-at.patch:
fs/ntfs: Fix an OOB read when parsing bitmaps for index attributes
- d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-dory-
entries-fr.patch:
fs/ntfs: Fix an OOB read when parsing directory entries from resident and
non-resident index attributes
- d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-reading-data-fhe-
reside.patch:
fs/ntfs: Fix an OOB read when reading data from the resident $DATA +
attribute
- CVE-2023-4693
* SECURITY UPDATE: Crafted file system images can cause heap-based buffer
overflow and may allow arbitrary code execution and secure boot bypass.
- d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-write-when-parsing-the-
ATTRIBUTE_LIST-.patch:
fs/ntfs: Fix an OOB write when parsing the $ATTRIBUTE_LIST attribute for
the $MFT file
- d/patches/ntfs-cve-fixes/fs-ntfs-Make-code-more-readable.patch
fs/ntfs: Make code more readable
- CVE-2023-4692
.
[ Julian Andres Klode ]
* Bump SBAT to grub,4
Checksums-Sha1:
a5ef359c99c2ad7bd5dd5fb175e5b490b2764bf8 7121 grub2_2.06-3~deb11u6.dsc
f12b176bb663cf9a21542b67aacfac1c6e688346 1097416 grub2_2.06-3~deb11u6.debian.tar.xz
85004465edb866ece389f4f25f3b5694a3a3c45c 13925 grub2_2.06-3~deb11u6_source.buildinfo
Checksums-Sha256:
e9a553c4f8a84d6b5a315ce55e2c0e0d7290af17a6039cf23b80b7788c3eb969 7121 grub2_2.06-3~deb11u6.dsc
a3a619332acd5d996d89c73c7a6ad8bfbde3f3ecf55e8c7e358b2db7646eb108 1097416 grub2_2.06-3~deb11u6.debian.tar.xz
64bfe457c79700d7a6391d8c7101539f338b7e08110edcecce21b9ed9ae2709e 13925 grub2_2.06-3~deb11u6_source.buildinfo
Files:
714ceac7d1c623ba3442b28ca408d39f 7121 admin optional grub2_2.06-3~deb11u6.dsc
cf1ebc72e0c5b225cb6915c9618a5990 1097416 admin optional grub2_2.06-3~deb11u6.debian.tar.xz
46e3b4d76aa25be157c9f7fc19eba24e 13925 admin optional grub2_2.06-3~deb11u6_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJDBAEBCgAtFiEET7WIqEwt3nmnTHeHb6RY3R2wP3EFAmUa/HkPHGpha0BkZWJp
YW4ub3JnAAoJEG+kWN0dsD9x+v0P/1Adwf+DaWdaxmTC2EDxiVC2JGJEMdxe/3fV
k34zpU1/iirf2P900M4Zb0F81cj+7TrEs9NmsS+J0ACST9vnETSYorccVhjwsELn
/s9C+cjKADyk5yacl0kpwb67Enh4bouFIfHEXaMazgSXlSPr3KxRRQDqtS3yF2do
dAE2YTXf8kf5fSLe1UcdQcgSr2NMj4uViIgW1rcmgsU/+wgBspalgNzWVMwjrJy6
5Gr/o8iWajIeYB9yS1hr9ppAB7G3cQh0hDGBX01T62im20GxNw1Rp01LYzdFIzmD
UO3Cp1cfKVqj7vTfPUBaRUxX5++QQceCKrfujwcUD7cjxRzQbgsAiWX90UmFe/Ch
BfPOc4hAgj37XNLkt4r0csh5lydpmdWK6Emuqo74WRmVwbc6zVlTz2/NeQB4bMpz
wlaX0mQjsgk3wKbnKZjwQtBl/CNExvVZtksiXwmvmO0C9LQtZUjT+JXJKkXwlBXF
1iZp5nB1q/jrOeXCK4jEa0OrYzJQQweCseC92jPvnO6iWfQFskV76hR6pGu/o1+e
QKk8zZEmLmlSJh34QHlDCTTF2K/8XCPWLt9rarLwGT3O29iFMpBLLfJZdPCzg0hC
65xmdp7yRweayyaTMFsDiSFWjhwaPzNjLchfjjoeJlaZZj8zucRQ1DdWsksKzHpQ
PTFirzL9
=Ov1i
-----END PGP SIGNATURE-----
More information about the Pkg-grub-devel
mailing list