Bug#1098319: Accepted grub2 2.12-6 (source) into unstable
Salvatore Bonaccorso
carnil at debian.org
Thu Mar 13 20:01:01 GMT 2025
Source: grub2
Source-Version: 2.12-6
Fixes as well #1098319. Closing manually.
Regards,
Salvatore
On Thu, Mar 13, 2025 at 12:34:25PM +0000, Debian FTP Masters wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Format: 1.8
> Date: Sat, 15 Feb 2025 17:17:14 +0000
> Source: grub2
> Architecture: source
> Version: 2.12-6
> Distribution: unstable
> Urgency: medium
> Maintainer: GRUB Maintainers <pkg-grub-devel at alioth-lists.debian.net>
> Changed-By: Mate Kukri <mate.kukri at canonical.com>
> Closes: 1034905 1035052
> Changes:
> grub2 (2.12-6) unstable; urgency=medium
> .
> [ Mate Kukri ]
> * Fix out of bounds XSDT access, re-enable ACPI SPCR table support
> .
> [ Miroslav Kure ]
> * Updated Czech translation of grub debconf messages. (Closes: #1035052)
> .
> [ Viktar Siarheichyk ]
> * Updated Belarusian translation. (Closes: #1034905)
> .
> [ Carles Pina i Estany ]
> * Update translation
> .
> [ Felix Zielcke ]
> * Move d/legacy/* files to grub-legacy.
> * Remove traces of ../legacy/ dir in d/rules.
> .
> [ Mate Kukri ]
> * Cherry-pick upstream security patches
> * Bump SBAT level to grub,5
> * SECURITY UPDATE: video/readers/jpeg: Do not permit duplicate SOF0 markers in JPEG
> - CVE-2024-45774
> * SECURITY UPDATE: commands/extcmd: Missing check for failed allocation
> - CVE-2024-45775
> * SECURITY UPDATE: gettext: Integer overflow leads to heap OOB write or read
> - CVE-2024-45776
> * SECURITY UPDATE: gettext: Integer overflow leads to heap OOB write
> - CVE-2024-45777
> * SECURITY UPDATE: fs/bfs: Integer overflow
> - CVE-2024-45778
> * SECURITY UPDATE: fs/bfs: integer overflow leads to heap OOB read
> - CVE-2024-45779
> * SECURITY UPDATE: fs/tar: Integer overflow leads to heap OOB write
> - CVE-2024-45780
> * SECURITY UPDATE: fs/ufs: `strcpy` use leading to heap OOB write
> - CVE-2024-45781
> * SECURITY UPDATE: fs/hfs: `strcpy` use leading to potential heap OOB write
> - CVE-2024-45782
> * SECURITY UPDATE: fs/hfsplus: incorrect refcount handling leading to UAF
> - CVE-2024-45783
> * SECURITY UPDATE: command/gpg: Use-after-free due to hooks not being removed on module unload
> - CVE-2025-0622
> * SECURITY UPDATE: net: Out-of-bounds write in grub_net_search_config_file()
> - CVE-2025-0624
> * SECURITY UPDATE: UFS: Integer overflow may lead to heap based out-of-bounds write when handling symlinks
> - CVE-2025-0677
> * SECURITY UPDATE: squash4: Integer overflow may lead to heap based out-of-bounds write when reading data
> - CVE-2025-0678
> * SECURITY UPDATE: reiserfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data
> - CVE-2025-0684
> * SECURITY UPDATE: jfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data
> - CVE-2025-0685
> * SECURITY UPDATE: romfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data
> - CVE-2025-0686
> * SECURITY UPDATE: udf: Heap based buffer overflow in grub_udf_read_block() may lead to arbitrary code execution
> - CVE-2025-0689
> * SECURITY UPDATE: read: Integer overflow may lead to out-of-bounds write
> - CVE-2025-0690
> * SECURITY UPDATE: commands/dump: The dump command is not in lockdown when secure boot is enabled
> - CVE-2025-1118
> * SECURITY UPDATE: fs/hfs: Integer overflow may lead to heap based out-of-bounds write
> - CVE-2025-1125
> * SECURITY UPDATE: insmod: incorrect refcount handling leading to UAF [LP: #2055835]