Accepted grub2 2.06-13+deb13u1 (source) into testing-proposed-updates
- To: debian-testing-changes@lists.debian.org
- Subject: Accepted grub2 2.06-13+deb13u1 (source) into testing-proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Mon, 09 Oct 2023 11:04:05 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: grub2_2.06-13+deb13u1_source.changes
- Debian-source: grub2
- Debian-suite: testing-proposed-updates
- Debian-version: 2.06-13+deb13u1
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1qpo3R-00554R-A0@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 02 Oct 2023 16:11:34 +0200
Source: grub2
Architecture: source
Version: 2.06-13+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: GRUB Maintainers <pkg-grub-devel@alioth-lists.debian.net>
Changed-By: Julian Andres Klode <jak@debian.org>
Changes:
grub2 (2.06-13+deb13u1) trixie; urgency=medium
.
  [ Mate Kukri ]
  * SECURITY UPDATE: Crafted file system images can cause out-of-bounds write
    and may leak sensitive information into the GRUB pager.
    - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch:
      fs/ntfs: Fix an OOB read when parsing a volume label
    - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-bs-for-index-at.patch:
      fs/ntfs: Fix an OOB read when parsing bitmaps for index attributes
    - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-dory-entries-fr.patch:
      fs/ntfs: Fix an OOB read when parsing directory entries from resident and
      non-resident index attributes
    - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-reading-data-fhe-reside.patch:
      fs/ntfs: Fix an OOB read when reading data from the resident $DATA +
      attribute
    - CVE-2023-4693
  * SECURITY UPDATE: Crafted file system images can cause heap-based buffer
    overflow and may allow arbitrary code execution and secure boot bypass.
    - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_LIST-.patch:
      fs/ntfs: Fix an OOB write when parsing the $ATTRIBUTE_LIST attribute for
      the $MFT file
    - d/patches/ntfs-cve-fixes/fs-ntfs-Make-code-more-readable.patch
      fs/ntfs: Make code more readable
    - CVE-2023-4692
.
  [ Julian Andres Klode ]
  * Bump SBAT to grub,4
Checksums-Sha1:
fbcbc4216505fa07b3ed11480a7000fe9c32bdea 7089 grub2_2.06-13+deb13u1.dsc
e048fa8cae22cad0e33ae270d1f15c5f726fce74 1115564 grub2_2.06-13+deb13u1.debian.tar.xz
0bfce6d8a44a949675fe21a7fc77477c2a0922ed 13913 grub2_2.06-13+deb13u1_source.buildinfo
Checksums-Sha256:
1995fb2794a16f436b718a453005b75752c8dc24ca933bbc4902f01d8f2fd00d 7089 grub2_2.06-13+deb13u1.dsc
2d6c7fe163e571ab6196e86bad6be6cc2247d48543e0609c596882124753c00d 1115564 grub2_2.06-13+deb13u1.debian.tar.xz
8bcd29b069971b45e20609b987029ba36ee0eebe4c40337a88d64d1853d2adfa 13913 grub2_2.06-13+deb13u1_source.buildinfo
Files:
a882d905e3a67c8aed2315c331b7fdf5 7089 admin optional grub2_2.06-13+deb13u1.dsc
9e88ff44bf7c3a51998d8b7285b8f98a 1115564 admin optional grub2_2.06-13+deb13u1.debian.tar.xz
c7ca4a4c2c1d1e13ab3c25a915fcad89 13913 admin optional grub2_2.06-13+deb13u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----