Accepted grub2 2.06-3~deb10u4 (source) into oldoldstable
- To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
- Subject: Accepted grub2 2.06-3~deb10u4 (source) into oldoldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Tue, 03 Oct 2023 17:30:30 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: grub2_2.06-3~deb10u4_source.changes
- Debian-source: grub2
- Debian-suite: oldoldstable
- Debian-version: 2.06-3~deb10u4
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1qnjE6-008g52-Ef@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 02 Oct 2023 16:11:34 +0200
Source: grub2
Architecture: source
Version: 2.06-3~deb10u4
Distribution: buster-security
Urgency: medium
Maintainer: GRUB Maintainers <pkg-grub-devel@alioth-lists.debian.net>
Changed-By: Julian Andres Klode <jak@debian.org>
Changes:
grub2 (2.06-3~deb10u4) buster-security; urgency=medium
.
[ Mate Kukri ]
* SECURITY UPDATE: Crafted file system images can cause out-of-bounds write
  and may leak sensitive information into the GRUB pager.
  - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch:
    fs/ntfs: Fix an OOB read when parsing a volume label
  - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-bs-for-index-at.patch:
    fs/ntfs: Fix an OOB read when parsing bitmaps for index attributes
  - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-dory-entries-fr.patch:
    fs/ntfs: Fix an OOB read when parsing directory entries from resident and
    non-resident index attributes
  - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-reading-data-fhe-reside.patch:
    fs/ntfs: Fix an OOB read when reading data from the resident $DATA
    attribute
  - CVE-2023-4693
* SECURITY UPDATE: Crafted file system images can cause heap-based buffer
  overflow and may allow arbitrary code execution and secure boot bypass.
  - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_LIST-.patch:
    fs/ntfs: Fix an OOB write when parsing the $ATTRIBUTE_LIST attribute for
    the $MFT file
  - d/patches/ntfs-cve-fixes/fs-ntfs-Make-code-more-readable.patch
    fs/ntfs: Make code more readable
  - CVE-2023-4692
.
[ Julian Andres Klode ]
* Bump SBAT to grub,4
Checksums-Sha1:
c43511c7180bf0f55fa0196693a9af4b5b9b1529 7117 grub2_2.06-3~deb10u4.dsc
7d766831665384745452a659a3fdcdb79a9f83be 1095736 grub2_2.06-3~deb10u4.debian.tar.xz
11a8f92c3855b4385fc260599a68ebdd5b8545ac 14847 grub2_2.06-3~deb10u4_source.buildinfo
Checksums-Sha256:
8004a43c658a84c9a2834e50a234ddfcec8b89698b58c0f6c6b17931fd3c6b8d 7117 grub2_2.06-3~deb10u4.dsc
ad07f5d1de940c6311bea6a98a7b2f9c15ce8ddde27605bae277ab7374fc8d83 1095736 grub2_2.06-3~deb10u4.debian.tar.xz
b6fe9dc3604d43aa52327ea121e08eb496adebddc8438ab50723dc539e9bd82d 14847 grub2_2.06-3~deb10u4_source.buildinfo
Files:
d00051c7e033ff43125022eaa42d60c2 7117 admin optional grub2_2.06-3~deb10u4.dsc
65d93171bf6a707d0527ad471e540a33 1095736 admin optional grub2_2.06-3~deb10u4.debian.tar.xz
2425569c2c2f9a5c8f4df13c243e455c 14847 admin optional grub2_2.06-3~deb10u4_source.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----