grub2_2.06-13+deb13u1_source.changes ACCEPTED into testing-proposed-updates

Debian FTP Masters ftpmaster at ftp-master.debian.org
Mon Oct 9 12:04:05 BST 2023


Thank you for your contribution to Debian.

Mapping trixie to testing.
Mapping testing to testing-proposed-updates.

Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 02 Oct 2023 16:11:34 +0200
Source: grub2
Architecture: source
Version: 2.06-13+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: GRUB Maintainers <pkg-grub-devel at alioth-lists.debian.net>
Changed-By: Julian Andres Klode <jak at debian.org>
Changes:
 grub2 (2.06-13+deb13u1) trixie; urgency=medium
 .
   [ Mate Kukri ]
   * SECURITY UPDATE: Crafted file system images can cause out-of-bounds write
     and may leak sensitive information into the GRUB pager.
     - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-
       label.patch:
       fs/ntfs: Fix an OOB read when parsing a volume label
     - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-bs-for-
       index-at.patch:
       fs/ntfs: Fix an OOB read when parsing bitmaps for index attributes
     - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-dory-
       entries-fr.patch:
       fs/ntfs: Fix an OOB read when parsing directory entries from resident and
       non-resident index attributes
     - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-reading-data-fhe-
       reside.patch:
       fs/ntfs: Fix an OOB read when reading data from the resident $DATA +
       attribute
     - CVE-2023-4693
   * SECURITY UPDATE: Crafted file system images can cause heap-based buffer
     overflow and may allow arbitrary code execution and secure boot bypass.
     - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-write-when-parsing-the-
       ATTRIBUTE_LIST-.patch:
       fs/ntfs: Fix an OOB write when parsing the $ATTRIBUTE_LIST attribute for
       the $MFT file
     - d/patches/ntfs-cve-fixes/fs-ntfs-Make-code-more-readable.patch
       fs/ntfs: Make code more readable
     - CVE-2023-4692
 .
   [ Julian Andres Klode ]
   * Bump SBAT to grub,4
Checksums-Sha1:
 fbcbc4216505fa07b3ed11480a7000fe9c32bdea 7089 grub2_2.06-13+deb13u1.dsc
 e048fa8cae22cad0e33ae270d1f15c5f726fce74 1115564 grub2_2.06-13+deb13u1.debian.tar.xz
 0bfce6d8a44a949675fe21a7fc77477c2a0922ed 13913 grub2_2.06-13+deb13u1_source.buildinfo
Checksums-Sha256:
 1995fb2794a16f436b718a453005b75752c8dc24ca933bbc4902f01d8f2fd00d 7089 grub2_2.06-13+deb13u1.dsc
 2d6c7fe163e571ab6196e86bad6be6cc2247d48543e0609c596882124753c00d 1115564 grub2_2.06-13+deb13u1.debian.tar.xz
 8bcd29b069971b45e20609b987029ba36ee0eebe4c40337a88d64d1853d2adfa 13913 grub2_2.06-13+deb13u1_source.buildinfo
Files:
 a882d905e3a67c8aed2315c331b7fdf5 7089 admin optional grub2_2.06-13+deb13u1.dsc
 9e88ff44bf7c3a51998d8b7285b8f98a 1115564 admin optional grub2_2.06-13+deb13u1.debian.tar.xz
 c7ca4a4c2c1d1e13ab3c25a915fcad89 13913 admin optional grub2_2.06-13+deb13u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJDBAEBCgAtFiEET7WIqEwt3nmnTHeHb6RY3R2wP3EFAmUj2hkPHGpha0BkZWJp
YW4ub3JnAAoJEG+kWN0dsD9xIFcP/A/I+Q8O0i0x+eBPq/CseDVOV6rA6hP6QI7z
n7MInY15xWA20aSOuIxGYrs5bykRR9/X7ABlEWkaDFP4431sJa8+KfG7IbasWFWP
NmDmtnkhw2C3yM9S6yLaaJEQ4MRbhnpxTNPko4Wyh/z/pPI3fAWxGdx+y2LQYXwQ
yeyXcHA3GDkzG67YeUUFocgxEkPlQo5ezZkgocjQZqBNtYshq6880il7Hlpi7NW+
DmjYIhDrl6+N5uytpxRDVihnxZSu9vcRdveaznaxPbAY2q70ko9P9pabkDe4RnNb
42fg52PGvhzWb72Jy55cMMMEQYo4qQJ6tPrQhfHz9/3T/tU5D7ScQ7Gs0y+BDXhE
mPYqVs+tIPknx8azE4aFpcr+2ImdelYVDTZT/cGuVIcL8oSuwJg1tBSDetX1/rHK
+UF7RZ5UggHbhwNNOinU3SmuA0ZbGgk24spWg0Fv1suYx/uMwOhOohWszrR/3IJw
dVk2Zww9YX0ze7DsU0aDffBIVkbBTe16i8OoUA39r51je3lctEdYGYtwgmfg5/nm
Sd11Rfq9bwON3xcXqO8GbXLDb69L7c2968RvU6DmvnHd1neaORXyx5Msrt/khcf6
UnC8sIGp5cRmoEHSI0Faq4Qs1mBhB8lGljPFRFEn57PwpjvsGd8nkj6msAOlYIhA
S/O7Ra92
=axZA
-----END PGP SIGNATURE-----




More information about the Pkg-grub-devel mailing list