Accepted grub2 2.04-9 (source) into unstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 29 Jul 2020 17:58:37 +0100
Source: grub2
Architecture: source
Version: 2.04-9
Distribution: unstable
Urgency: high
Maintainer: GRUB Maintainers <pkg-grub-devel@alioth-lists.debian.net>
Changed-By: Colin Watson <cjwatson@debian.org>
Changes:
 grub2 (2.04-9) unstable; urgency=high
 .
   * Backport security patch series from upstream:
     - CVE-2020-10713: yylex: Make lexer fatal errors actually be fatal
     - safemath: Add some arithmetic primitives that check for overflow
     - calloc: Make sure we always have an overflow-checking calloc()
       available
     - CVE-2020-14308: calloc: Use calloc() at most places
     - CVE-2020-14309, CVE-2020-14310, CVE-2020-14311: malloc: Use overflow
       checking primitives where we do complex allocations
     - iso9660: Don't leak memory on realloc() failures
     - font: Do not load more than one NAME section
     - gfxmenu: Fix double free in load_image()
     - xnu: Fix double free in grub_xnu_devprop_add_property()
     - lzma: Make sure we don't dereference past array
     - term: Fix overflow on user inputs
     - udf: Fix memory leak
     - multiboot2: Fix memory leak if grub_create_loader_cmdline() fails
     - tftp: Do not use priority queue
     - relocator: Protect grub_relocator_alloc_chunk_addr() input args
       against integer underflow/overflow
     - relocator: Protect grub_relocator_alloc_chunk_align() max_addr against
       integer underflow
     - script: Remove unused fields from grub_script_function struct
     - CVE-2020-15706: script: Avoid a use-after-free when redefining a
       function during execution
     - relocator: Fix grub_relocator_alloc_chunk_align() top memory
       allocation
     - hfsplus: fix two more overflows
     - lvm: fix two more potential data-dependent alloc overflows
     - emu: make grub_free(NULL) safe
     - efi: fix some malformed device path arithmetic errors
     - Fix a regression caused by "efi: fix some malformed device path
       arithmetic errors"
     - update safemath with fallback code for gcc older than 5.1
     - efi: Fix use-after-free in halt/reboot path
     - linux loader: avoid overflow on initrd size calculation
   * CVE-2020-15707: linux: Fix integer overflows in initrd size handling
   * Apply overflow checking to allocations in Debian patches:
     - bootp: Fix integer overflow in parse_dhcp6_option
     - unix/config: Fix integer overflow in grub_util_load_config
     - deviceiter: Fix integer overflow in grub_util_iterate_devices
Checksums-Sha1:
 13ce988ec14fc49593e79cd244d78d67897ae257 7144 grub2_2.04-9.dsc
 b26ea37977da47dba853834697de1d13d9ae229c 1093828 grub2_2.04-9.debian.tar.xz
Checksums-Sha256:
 a13b289ffa70a8d0a687ca726cf86c3c94a559d1b69214f45bca9e8ad818e031 7144 grub2_2.04-9.dsc
 da668d209f7fcf3edd254e792be36d8b07086792578d77d959cf768bd8c8c41a 1093828 grub2_2.04-9.debian.tar.xz
Files:
 dab5a7656c1e8efd47f4fbce6540bd12 7144 admin optional grub2_2.04-9.dsc
 406850183fb7cc440af2a3df615e4e79 1093828 admin optional grub2_2.04-9.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----