-
grub2 (2.06-3~deb11u6) bullseye-security; urgency=medium
[ Mate Kukri ]
* SECURITY UPDATE: Crafted file system images can cause out-of-bounds write
and may leak sensitive information into the GRUB pager.
- d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch:
fs/ntfs: Fix an OOB read when parsing a volume label
- d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-bs-for-index-at.patch:
fs/ntfs: Fix an OOB read when parsing bitmaps for index attributes
- d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-dory-entries-fr.patch:
fs/ntfs: Fix an OOB read when parsing directory entries from resident and
non-resident index attributes
- d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-reading-data-fhe-reside.patch:
fs/ntfs: Fix an OOB read when reading data from the resident $DATA
attribute
- CVE-2023-4693
* SECURITY UPDATE: Crafted file system images can cause heap-based buffer
overflow and may allow arbitrary code execution and secure boot bypass.
- d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_LIST-.patch:
fs/ntfs: Fix an OOB write when parsing the $ATTRIBUTE_LIST attribute for
the $MFT file
- d/patches/ntfs-cve-fixes/fs-ntfs-Make-code-more-readable.patch
fs/ntfs: Make code more readable
- CVE-2023-4692
[ Julian Andres Klode ]
* Bump SBAT to grub,4
-- Julian Andres Klode <email address hidden> Mon, 02 Oct 2023 16:11:34 +0200
-
grub2 (2.06-3~deb11u5) bullseye; urgency=high
[ Steve McIntyre ]
* Include fonts in the memdisk build for EFI images.
* Bump Debian SBAT level to 4
- Due to a mistake in the buster upload (2.06-3~deb10u2) that left
the CVE-2022-2601 bugs in place, we need to bump SBAT for all of
the Debian GRUB binaries. :-(
* Fix bug in core file code so errors are handled better. This makes
the above font-handling patch work!
-- Steve McIntyre <email address hidden> Thu, 08 Nov 2022 17:29:17 +0000
-
grub2 (2.06-3~deb11u1) bullseye; urgency=medium
[ Steve McIntyre ]
* Rebuild for bullseye.
* Updated the 2.06-3 changelog to mention closure of CVE-2022-28736
* Re-enable os-prober by default, don't make that change in a stable
update.
-- Steve McIntyre <email address hidden> Mon, 01 Aug 2022 20:26:34 +0100
-
grub2 (2.04-20) unstable; urgency=medium
[ Mathieu Trudel-Lapierre ]
* tpm: Pass unknown error as non-fatal, but debug print the error we got
(closes: #940911, LP: #1848892).
-- Colin Watson <email address hidden> Sun, 11 Jul 2021 00:37:36 +0100
-
grub2 (2.04-19) unstable; urgency=medium
* Resync grub-install backup and restore patches from upstream, fixing
problems that left the system unbootable after certain kinds of failure
(closes: #983435).
-- Colin Watson <email address hidden> Sat, 19 Jun 2021 13:04:38 +0100
-
grub2 (2.04-18) unstable; urgency=medium
[ Steve McIntyre ]
* Enable the shim_lock and tpm modules for i386-efi too. Ensure that
tpm is included in our EFI images.
* List the modules we include in the EFI images - make it easier to
debug things.
* Add debug to display what's going on with verifiers
[ Colin Watson ]
* util/mkimage: Some fixes to PE binaries section size calculation
(closes: #987103).
-- Colin Watson <email address hidden> Sun, 25 Apr 2021 16:20:17 +0100
-
grub2 (2.04-12) unstable; urgency=medium
* Cherry-pick from upstream:
- mdraid1x_linux: Fix gcc10 error -Werror=array-bounds
- zfs: Fix gcc10 error -Werror=zero-length-bounds
* Build with GCC 10 (closes: #978515).
-- Colin Watson <email address hidden> Mon, 28 Dec 2020 22:33:23 +0000