Pull in upstream patches to harden font and image handling
authorSteve McIntyre <93sam@debian.org>
Sun, 6 Nov 2022 02:03:41 +0000 (02:03 +0000)
committerSteve McIntyre <93sam@debian.org>
Mon, 14 Nov 2022 18:10:12 +0000 (18:10 +0000)
CVE-2022-2601, CVE-2022-3775

Bump SBAT level to 3 for grub-efi packages

debian/changelog
debian/patches/series
debian/sbat.debian.csv.in

index c645e3bbd0521757dae7422d5cf555acfc59d67c..e62556266d2ca12bdfdc3a399235e899b7260dcc 100644 (file)
@@ -1,9 +1,12 @@
-grub2 (2.06-5) UNRELEASED; urgency=high
+grub2 (2.06-5) unstable; urgency=high
 
   [ Steve McIntyre ]
   * Explicitly unset SOURCE_DATE_EPOCH before running fs tests
+  * Pull in upstream patches to harden font and image handling -
+    CVE-2022-2601, CVE-2022-3775.
+  * Bump SBAT level to 3 for grub-efi packages
 
- -- Steve McIntyre <93sam@debian.org>  Wed, 14 Sep 2022 22:35:49 +0100
+ -- Steve McIntyre <93sam@debian.org>  Sun, 13 Nov 2022 00:33:35 +0000
 
 grub2 (2.06-4) unstable; urgency=high
 
index 48389f862a3b05459faba3d576854e6cca4012c6..a125dd017069d26dc2c2d13dcc6cfe0f014f9ab9 100644 (file)
@@ -91,3 +91,17 @@ minilzo-2.10.patch
 0091-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch
 0092-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch
 fs-tester-time-fail.patch
+cve_2022_2601/0001-video-readers-Add-artificial-limit-to-image-dimensio.patch
+cve_2022_2601/0002-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch
+cve_2022_2601/0003-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
+cve_2022_2601/0004-font-Fix-several-integer-overflows-in-grub_font_cons.patch
+cve_2022_2601/0005-font-Remove-grub_font_dup_glyph.patch
+cve_2022_2601/0006-font-Fix-integer-overflow-in-ensure_comb_space.patch
+cve_2022_2601/0007-font-Fix-integer-overflow-in-BMP-index.patch
+cve_2022_2601/0008-font-Fix-integer-underflow-in-binary-search-of-char-.patch
+cve_2022_2601/0009-kern-efi-sb-Enforce-verification-of-font-files.patch
+cve_2022_2601/0010-fbutil-Fix-integer-overflow.patch
+cve_2022_2601/0011-font-Fix-an-integer-underflow-in-blit_comb.patch
+cve_2022_2601/0012-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch
+cve_2022_2601/0013-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
+cve_2022_2601/0014-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch
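Review bot: Patch 0009 `kern-efi-sb-Enforce-verification-of-font-files` is, judging from its title, a behavioural change rather than a pure overflow fix — under UEFI Secure Boot it appears to make GRUB refuse font files that do not pass the EFI/shim_lock verifier — yet neither the changelog entry nor this series file records that, so a maintainer will not know why a locally added unsigned `.pf2` stops loading on a Secure Boot machine. A comment above the new group would capture it, e.g. `# CVE-2022-2601 / CVE-2022-3775: font and image hardening; 0009 additionally rejects unverified font files when Secure Boot is enforced` (quilt and dpkg-source both ignore `#` lines in series). Separately, the commit cites two CVEs but every patch is filed under `cve_2022_2601/`; naming the directory after both, or stating in that comment which of the patches address CVE-2022-3775, would keep the advisory-to-patch mapping traceable for the SBAT generation bump that accompanies this change.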
index 178e8b5cbf93afd8714d1a28cb16ca14909bdf61..5225c904af4c30ddbf7e233b0fbeea16e8754e40 100644 (file)
@@ -1,3 +1,3 @@
 sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
-grub,2,Free Software Foundation,grub,@UPSTREAM_VERSION@,https://www.gnu.org/software/grub/
+grub,3,Free Software Foundation,grub,@UPSTREAM_VERSION@,https://www.gnu.org/software/grub/
 grub.debian,1,Debian,grub2,@DEB_VERSION@,https://tracker.debian.org/pkg/grub2