Accepted grub2 2.06-13+deb12u1 (source) into proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted grub2 2.06-13+deb12u1 (source) into proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Tue, 10 Oct 2023 20:47:08 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: grub2_2.06-13+deb12u1_source.changes
- Debian-source: grub2
- Debian-suite: proposed-updates
- Debian-version: 2.06-13+deb12u1
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1qqJdE-00CY0n-GT@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 02 Oct 2023 16:11:34 +0200
Source: grub2
Architecture: source
Version: 2.06-13+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: GRUB Maintainers <pkg-grub-devel@alioth-lists.debian.net>
Changed-By: Julian Andres Klode <jak@debian.org>
Changes:
grub2 (2.06-13+deb12u1) bookworm-security; urgency=medium
.
[ Mate Kukri ]
* SECURITY UPDATE: Crafted file system images can cause out-of-bounds write
  and may leak sensitive information into the GRUB pager.
  - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch:
    fs/ntfs: Fix an OOB read when parsing a volume label
  - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-bs-for-index-at.patch:
    fs/ntfs: Fix an OOB read when parsing bitmaps for index attributes
  - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-dory-entries-fr.patch:
    fs/ntfs: Fix an OOB read when parsing directory entries from resident and
    non-resident index attributes
  - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-reading-data-fhe-reside.patch:
    fs/ntfs: Fix an OOB read when reading data from the resident $DATA
    attribute
  - CVE-2023-4693
* SECURITY UPDATE: Crafted file system images can cause heap-based buffer
  overflow and may allow arbitrary code execution and secure boot bypass.
  - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_LIST-.patch:
    fs/ntfs: Fix an OOB write when parsing the $ATTRIBUTE_LIST attribute for
    the $MFT file
  - d/patches/ntfs-cve-fixes/fs-ntfs-Make-code-more-readable.patch:
    fs/ntfs: Make code more readable
  - CVE-2023-4692
.
[ Julian Andres Klode ]
* Bump SBAT to grub,4
Checksums-Sha1:
00cd7af388fb45e5ae5a81cfc729bef15863484f 6854 grub2_2.06-13+deb12u1.dsc
86ff89731a0af97520a9329ea3a3652cf8cedde2 1115764 grub2_2.06-13+deb12u1.debian.tar.xz
916c890be6ff432be3c92fff3af1e2235190b131 12866 grub2_2.06-13+deb12u1_source.buildinfo
Checksums-Sha256:
03f224abef299fd769ef0800d5cf81d65dbf2d1071988638c2348c3792ddf10f 6854 grub2_2.06-13+deb12u1.dsc
84e33fd5399c95410603e485a5b82b69d7f33e94c6146f3eb3bbe452894c8e6e 1115764 grub2_2.06-13+deb12u1.debian.tar.xz
af26d828dbda1d6aa3bb84a41a93772d6725c7915f732bef0f8e9908632096e4 12866 grub2_2.06-13+deb12u1_source.buildinfo
Files:
c74b87ae1521df3feb274863ed7b169a 6854 admin optional grub2_2.06-13+deb12u1.dsc
05e83e408cbc7e01bdf1f006a0729f12 1115764 admin optional grub2_2.06-13+deb12u1.debian.tar.xz
b549671d09c63937767fb4e7e88139e9 12866 admin optional grub2_2.06-13+deb12u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----