grub2_2.06-13+deb12u2_source.changes ACCEPTED into oldstable-proposed-updates->oldstable-new

Debian FTP Masters ftpmaster at ftp-master.debian.org
Wed Apr 1 21:35:38 BST 2026


Thank you for your contribution to Debian.

Mapping bookworm to oldstable.
Mapping oldstable to oldstable-proposed-updates.

Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 01 Apr 2026 21:03:46 +0100
Source: grub2
Architecture: source
Version: 2.06-13+deb12u2
Distribution: bookworm
Urgency: medium
Maintainer: GRUB Maintainers <pkg-grub-devel at alioth-lists.debian.net>
Changed-By: Steve McIntyre <93sam at debian.org>
Changes:
 grub2 (2.06-13+deb12u2) bookworm; urgency=medium
 .
   [ Julian Andres Klode ]
   * Set Protected: yes for -signed packages so they cannot easily be removed
   * debian/patches: Backport to bookworm
 .
   [ Felix Zielcke ]
   * Add salsa-ci.yml and disable blhc and reprotest pipelines.
 .
   [ Luca Boccassi ]
   * salsa-ci: configure for stable builds
 .
   [ Mate Kukri ]
   * Cherry-pick remaining XFS delta from 2.12
   * Cherry-pick upstream vulnerability fixes
   * Cherry-pick extfs regression patch
   * Cherry-pick xfs regression patches
   * Bump SBAT level to grub,5
   * fs/fat: Don't error when mtime is 0 (LP: #2098641)
   * SECURITY UPDATE: video/readers/jpeg: Do not permit duplicate SOF0 markers in JPEG
     - CVE-2024-45774
   * SECURITY UPDATE: commands/extcmd: Missing check for failed allocation
     - CVE-2024-45775
   * SECURITY UPDATE: gettext: Integer overflow leads to heap OOB write or read
     - CVE-2024-45776
   * SECURITY UPDATE: gettext: Integer overflow leads to heap OOB write
     - CVE-2024-45777
   * SECURITY UPDATE: fs/bfs: Integer overflow
     - CVE-2024-45778
   * SECURITY UPDATE: fs/bfs: integer overflow leads to heap OOB read
     - CVE-2024-45779
   * SECURITY UPDATE: fs/tar: Integer overflow leads to heap OOB write
     - CVE-2024-45780
   * SECURITY UPDATE: fs/ufs: `strcpy` use leading to heap OOB write
     - CVE-2024-45781
   * SECURITY UPDATE: fs/hfs: `strcpy` use leading to potential heap OOB write
     - CVE-2024-45782
   * SECURITY UPDATE: fs/hfsplus: incorrect refcount handling leading to UAF
     - CVE-2024-45783
   * SECURITY UPDATE: command/gpg: Use-after-free due to hooks not being removed on module unload
     - CVE-2025-0622
   * SECURITY UPDATE: net: Out-of-bounds write in grub_net_search_config_file()
     - CVE-2025-0624
   * SECURITY UPDATE: UFS: Integer overflow may lead to heap based out-of-bounds write when handling symlinks
     - CVE-2025-0677
   * SECURITY UPDATE: squash4: Integer overflow may lead to heap based out-of-bounds write when reading data
     - CVE-2025-0678
   * SECURITY UPDATE: reiserfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data
     - CVE-2025-0684
   * SECURITY UPDATE: jfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data
     - CVE-2025-0685
   * SECURITY UPDATE: romfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data
     - CVE-2025-0686
   * SECURITY UPDATE: udf: Heap based buffer overflow in grub_udf_read_block() may lead to arbitrary code execution
     - CVE-2025-0689
   * SECURITY UPDATE: read: Integer overflow may lead to out-of-bounds write
     - CVE-2025-0690
   * SECURITY UPDATE: commands/dump: The dump command is not in lockdown when secure boot is enabled
     - CVE-2025-1118
   * SECURITY UPDATE: fs/hfs: Integer overflow may lead to heap based out-of-bounds write
     - CVE-2025-1125
   * SECURITY UPDATE: insmod: incorrect refcount handling leading to UAF [LP: #2055835]
 .
   [ Steve McIntyre ]
   * Drop NTFS patches that seem to be causing regressions
   * Remove NTFS from the monolithic EFI grub image, so we don't sign
     vulnerable code.
   * Similarly, remove jfs - we have doubts.
   * Bump SBAT levels:
     + grub,5 now we have the 2025 CVE fixes included
     + grub.debian,5
     + grub.debian12,1
Checksums-Sha1:
 ed6903334484fbe64a8cd2355f2b8def037fe37c 7093 grub2_2.06-13+deb12u2.dsc
 221883f315faab979a8d6fb6c05867551b5decfd 1158840 grub2_2.06-13+deb12u2.debian.tar.xz
 2a59ccf7792518ad29c2b95282acc60ce8ead54a 13574 grub2_2.06-13+deb12u2_source.buildinfo
Checksums-Sha256:
 9c0f89f34907e0e50df46401c811347f9559cd405b8c83659042f2c4687622b7 7093 grub2_2.06-13+deb12u2.dsc
 851ac9ec78b167db98217d115c88fbd87644d80f3c63cd9d6da682926e819f82 1158840 grub2_2.06-13+deb12u2.debian.tar.xz
 0865d0c092ba8a975473be0a89c8fbeb8c04d766e5c27ea6a90c7b958487ca8d 13574 grub2_2.06-13+deb12u2_source.buildinfo
Files:
 8dc24f29ef91c63792563f01d08f8a35 7093 admin optional grub2_2.06-13+deb12u2.dsc
 47cde18067cfa34c757042476313d338 1158840 admin optional grub2_2.06-13+deb12u2.debian.tar.xz
 5d3f53491723fd63562146ee02783347 13574 admin optional grub2_2.06-13+deb12u2_source.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
