Re: [SECURITY PATCH 00/28] Multiple GRUB2 vulnerabilities

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [SECURITY PATCH 00/28] Multiple GRUB2 vulnerabilities - BootHole

From:	John Paul Adrian Glaubitz
Subject:	Re: [SECURITY PATCH 00/28] Multiple GRUB2 vulnerabilities - BootHole
Date:	Wed, 29 Jul 2020 22:20:24 +0200
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0

On 7/29/20 10:12 PM, Christian Hesse wrote:
> This does not apply on top of grub 2.04. Will downstream maintainers have to
> do their cherry-picking on its own or will a maintenance branch on top of
> grub-2.04 (or what ever) be available?
> I would like to push updates to the Arch Linux repositories.

You may want to look at the Debian package which already has the patches
applied in Debian unstable [1].

I'm surprised that Arch did not receive a disclosure of the vulnerabilities
under NDA since Debian and the various enterprise distributions have it
already.

Adrian

> [1] https://salsa.debian.org/grub-team/grub/-/tree/master/debian/patches

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaubitz@debian.org
`. `'   Freie Universitaet Berlin - glaubitz@physik.fu-berlin.de
  `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

[Prev in Thread]

Current Thread

[Next in Thread]

[SECURITY PATCH 25/28] efi/chainloader: Propagate errors from copy_file_path(), (continued)
- [SECURITY PATCH 25/28] efi/chainloader: Propagate errors from copy_file_path(), Daniel Kiper, 2020/07/29
- [SECURITY PATCH 26/28] efi: Fix use-after-free in halt/reboot path, Daniel Kiper, 2020/07/29
- [SECURITY PATCH 27/28] loader/linux: Avoid overflow on initrd size calculation, Daniel Kiper, 2020/07/29
- [SECURITY PATCH 28/28] linux: Fix integer overflows in initrd size handling, Daniel Kiper, 2020/07/29
- [SECURITY PATCH 09/28] xnu: Fix double free in grub_xnu_devprop_add_property(), Daniel Kiper, 2020/07/29
- [SECURITY PATCH 16/28] relocator: Protect grub_relocator_alloc_chunk_addr() input args against integer underflow/overflow, Daniel Kiper, 2020/07/29
- [SECURITY PATCH 17/28] relocator: Protect grub_relocator_alloc_chunk_align() max_addr against integer underflow, Daniel Kiper, 2020/07/29
- [SECURITY PATCH 20/28] relocator: Fix grub_relocator_alloc_chunk_align() top memory allocation, Daniel Kiper, 2020/07/29
- [SECURITY PATCH 21/28] hfsplus: Fix two more overflows, Daniel Kiper, 2020/07/29
- Re: [SECURITY PATCH 00/28] Multiple GRUB2 vulnerabilities - BootHole, Christian Hesse, 2020/07/29
  - Re: [SECURITY PATCH 00/28] Multiple GRUB2 vulnerabilities - BootHole, John Paul Adrian Glaubitz <=
    - Re: [SECURITY PATCH 00/28] Multiple GRUB2 vulnerabilities - BootHole, Dimitri John Ledkov, 2020/07/29
    - Re: [SECURITY PATCH 00/28] Multiple GRUB2 vulnerabilities - BootHole, John Paul Adrian Glaubitz, 2020/07/29

Prev by Date: Re: [SECURITY PATCH 00/28] Multiple GRUB2 vulnerabilities - BootHole
Next by Date: Re: [SECURITY PATCH 00/28] Multiple GRUB2 vulnerabilities - BootHole
Previous by thread: Re: [SECURITY PATCH 00/28] Multiple GRUB2 vulnerabilities - BootHole
Next by thread: Re: [SECURITY PATCH 00/28] Multiple GRUB2 vulnerabilities - BootHole
Index(es):
- Date
- Thread