grub2 - Debian Package Tracker

general

source: grub2 (main)
version: 2.12-5
maintainer: GRUB Maintainers (archive) (DMD)
uploaders: Steve McIntyre [DMD] – Jordi Mallach [DMD] – Julian Andres Klode [DMD] – Felix Zielcke [DMD] [DM] – Mate Kukri [DMD]
arch: any
std-ver: 3.9.6
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.06-3~deb10u1
o-o-sec: 2.06-3~deb10u4
oldstable: 2.06-3~deb11u6
old-sec: 2.06-3~deb11u6
old-upd: 2.06-3~deb11u2
stable: 2.06-13+deb12u1
stable-sec: 2.06-13+deb12u1
stable-bpo: 2.12-1~bpo12+1
testing: 2.12-5
unstable: 2.12-5

versioned links

2.06-3~deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.06-3~deb10u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.06-3~deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.06-3~deb11u6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.06-13+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.12-1~bpo12+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.12-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

grub-common (163 bugs: 1, 115, 47, 0)
grub-coreboot (1 bugs: 0, 0, 1, 0)
grub-coreboot-bin (1 bugs: 0, 1, 0, 0)
grub-coreboot-dbg
grub-efi (12 bugs: 0, 12, 0, 0)
grub-efi-amd64 (54 bugs: 6, 39, 9, 0)
grub-efi-amd64-bin (12 bugs: 0, 12, 0, 0)
grub-efi-amd64-dbg
grub-efi-amd64-signed-template
grub-efi-amd64-unsigned
grub-efi-arm (2 bugs: 0, 2, 0, 0)
grub-efi-arm-bin
grub-efi-arm-dbg
grub-efi-arm-unsigned
grub-efi-arm64 (5 bugs: 1, 4, 0, 0)
grub-efi-arm64-bin (1 bugs: 0, 1, 0, 0)
grub-efi-arm64-dbg
grub-efi-arm64-signed-template
grub-efi-arm64-unsigned
grub-efi-ia32 (5 bugs: 0, 4, 1, 0)
grub-efi-ia32-bin
grub-efi-ia32-dbg
grub-efi-ia32-signed-template
grub-efi-ia32-unsigned
grub-efi-ia64
grub-efi-ia64-bin
grub-efi-ia64-dbg
grub-efi-ia64-unsigned
grub-efi-loong64
grub-efi-loong64-bin
grub-efi-loong64-dbg
grub-efi-loong64-unsigned
grub-efi-riscv64
grub-efi-riscv64-bin
grub-efi-riscv64-dbg
grub-efi-riscv64-unsigned
grub-emu (1 bugs: 1, 0, 0, 0)
grub-emu-dbg
grub-firmware-qemu
grub-ieee1275 (8 bugs: 1, 6, 1, 0)
grub-ieee1275-bin (1 bugs: 0, 1, 0, 0)
grub-ieee1275-dbg
grub-linuxbios
grub-mount-udeb
grub-pc (256 bugs: 3, 201, 52, 0)
grub-pc-bin (7 bugs: 0, 6, 1, 0)
grub-pc-dbg (1 bugs: 1, 0, 0, 0)
grub-rescue-pc (3 bugs: 0, 1, 2, 0)
grub-theme-starfield
grub-uboot (1 bugs: 0, 1, 0, 0)
grub-uboot-bin
grub-uboot-dbg
grub-xen (3 bugs: 0, 2, 1, 0)
grub-xen-bin
grub-xen-dbg
grub-xen-host (2 bugs: 0, 2, 0, 0)
grub-yeeloong
grub-yeeloong-bin
grub-yeeloong-dbg
grub2 (65 bugs: 0, 44, 21, 0)
grub2-common (66 bugs: 2, 41, 23, 0)

action needed

3 security issues in trixie high

There are 3 open security issues in trixie.

3 important issues:

CVE-2024-49504: grub2 allowed attackers with access to the grub shell to access files on the encrypted disks.
CVE-2024-56737: GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.
CVE-2024-56738: GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.

Created: 2024-12-20 Last update: 2024-12-30 03:30

3 security issues in sid high

There are 3 open security issues in sid.

3 important issues:

CVE-2024-49504: grub2 allowed attackers with access to the grub shell to access files on the encrypted disks.
CVE-2024-56737: GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.
CVE-2024-56738: GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.

Created: 2024-12-20 Last update: 2024-12-30 03:30

4 security issues in bullseye high

There are 4 open security issues in bullseye.

3 important issues:

CVE-2024-49504: grub2 allowed attackers with access to the grub shell to access files on the encrypted disks.
CVE-2024-56737: GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.
CVE-2024-56738: GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.

1 issue postponed or untriaged:

CVE-2021-3981: (needs triaging) A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released.

Created: 2024-12-20 Last update: 2024-12-30 03:30

3 security issues in bookworm high

There are 3 open security issues in bookworm.

3 important issues:

CVE-2024-49504: grub2 allowed attackers with access to the grub shell to access files on the encrypted disks.
CVE-2024-56737: GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.
CVE-2024-56738: GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.

Created: 2024-12-20 Last update: 2024-12-30 03:30

lintian reports 421 errors and 163 warnings high

Lintian reports 421 errors and 163 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2024-01-13 Last update: 2024-07-16 11:33

debian/patches: 2 patches with invalid metadata, 60 patches to forward upstream high

Among the 75 debian patches available in version 2.12-5 of the package, we noticed the following issues:

2 patches with invalid metadata that ought to be fixed.
60 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2024-07-16 09:10

Standards version of the package is outdated. high

The package is severely out of date with respect to the Debian Policy. The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.0 instead of 3.9.6).

Created: 2016-02-06 Last update: 2024-07-16 02:42

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2022-09-24 Last update: 2025-01-05 17:30

60 bugs tagged patch in the BTS normal

The BTS contains patches fixing 60 bugs (71 if counting merged bugs), consider including or untagging them.

Created: 2024-02-25 Last update: 2025-01-05 17:00

7 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 570a5b5db8ccb7059e1f0379a3cf81ae8ce8ebed
Merge: b5ab718 04d478d
Author: Felix Zielcke <fzielcke@z-51.de>
Date:   Tue Dec 31 11:14:20 2024 +0000

    Merge branch 'update-translation-ca' into 'master'
    
    Update translation
    
    See merge request grub-team/grub!69

commit 04d478d5c028bf858ba16ff103ef0bae79f7171f
Author: Carles Pina i Estany <carles@pina.cat>
Date:   Wed Oct 30 08:41:03 2024 +0000

    Update translation

commit b5ab718559450082884984b97b45317d80969fc2
Merge: 79ce088 33d7ee2
Author: Julian Andres Klode <jak@debian.org>
Date:   Wed Dec 11 10:32:49 2024 +0000

    Merge branch 'master' into 'master'
    
    Please include pending debconf translations
    
    See merge request grub-team/grub!70

commit 33d7ee2ad068a42dad9b9af219df4fdefb60573f
Author: Viktar Siarheichyk <vics@eq.by>
Date:   Mon Nov 4 21:27:10 2024 +0100

    Updated Belarusian translation. (Closes #1034905)

commit 6a606a7b272e31cd562ddd762fae80c36687bbee
Author: Miroslav Kure <kurem@upcase.inf.upol.cz>
Date:   Mon Nov 4 21:26:45 2024 +0100

    Updated Czech translation of grub debconf messages. (Closes #1035052)

commit 79ce0889a02f0a35a094a9b89845aa20acfcd0d6
Merge: c5fc699 1a73790
Author: Julian Andres Klode <jak@debian.org>
Date:   Fri Oct 18 16:33:32 2024 +0000

    Merge branch 'reenable-spcr' into 'master'
    
    Fix out of bounds XSDT access, re-enable ACPI SPCR table support
    
    See merge request grub-team/grub!68

commit 1a737906bc5d002d5bc542c953de6f18974d8081
Author: Mate Kukri <mate.kukri@canonical.com>
Date:   Fri Oct 18 14:11:18 2024 +0100

    Fix out of bounds XSDT access, re-enable ACPI SPCR table support
    
    - Apply upstream patch to fix out of bounds access when searching XSDT
    - This should stop GRUB crashing when searching for a non-existent SPCR
      table.

Created: 2024-10-18 Last update: 2024-12-31 13:34

Issues found with some translations low

Automatic checks made by the Debian l10n team found some issues with the translations contained in this package. You should check the l10n status report for more information.

Issues can be things such as missing translations, problematic translated strings, outdated PO files, unknown languages, etc.

Created: 2020-02-26 Last update: 2024-01-25 15:10

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2014-07-02 Last update: 2014-07-02 18:05

news

[rss feed]

[2024-07-21] grub2 2.12-5 MIGRATED to testing (Debian testing watch)
[2024-07-15] Accepted grub2 2.12-5 (source) into unstable (Felix Zielcke)
[2024-07-10] Accepted grub2 2.12-4 (source) into unstable (Felix Zielcke)
[2024-05-03] grub2 2.12-2 MIGRATED to testing (Debian testing watch)
[2024-04-25] Accepted grub2 2.12-3 (source amd64) into experimental (Debian FTP Masters) (signed by: Julian Andres Klode)
[2024-04-07] grub2 2.12-2~deb13u1 MIGRATED to testing (Debian testing watch)
[2024-04-05] Accepted grub2 2.12-2 (source) into unstable (Julian Andres Klode)
[2024-04-05] Accepted grub2 2.12-2~deb13u1 (source) into testing-proposed-updates (Julian Andres Klode)
[2024-04-03] Accepted grub2 2.12-1.1 (source) into unstable (Bastian Blank)
[2024-03-13] Accepted grub2 2.12-1~bpo12+1 (source amd64) into stable-backports (Debian FTP Masters) (signed by: John Goerzen)
[2024-02-01] grub2 2.12-1 MIGRATED to testing (Debian testing watch)
[2024-01-23] Accepted grub2 2.12-1 (source) into unstable (Mate Kukri) (signed by: Julian Andres Klode)
[2024-01-12] Accepted grub2 2.12~rc1-13 (source) into unstable (Julian Andres Klode)
[2023-11-09] Accepted grub2 2.12~rc1-12 (source) into unstable (Julian Andres Klode)
[2023-10-11] grub2 2.06-13+deb13u1 MIGRATED to testing (Debian testing watch)
[2023-10-10] Accepted grub2 2.06-3~deb11u6 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Julian Andres Klode)
[2023-10-10] Accepted grub2 2.06-13+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Julian Andres Klode)
[2023-10-09] Accepted grub2 2.06-13+deb13u1 (source) into testing-proposed-updates (Julian Andres Klode)
[2023-10-06] Accepted grub2 2.06-3~deb11u6 (source) into oldstable-security (Debian FTP Masters) (signed by: Julian Andres Klode)
[2023-10-06] Accepted grub2 2.06-13+deb12u1 (source) into stable-security (Debian FTP Masters) (signed by: Julian Andres Klode)
[2023-10-03] Accepted grub2 2.12~rc1-11 (source) into unstable (Julian Andres Klode)
[2023-10-03] Accepted grub2 2.06-3~deb10u4 (source) into oldoldstable (Julian Andres Klode)
[2023-09-18] Accepted grub2 2.12~rc1-10 (source) into unstable (Julian Andres Klode)
[2023-09-05] Accepted grub2 2.12~rc1-9 (source) into unstable (Julian Andres Klode)
[2023-09-05] Accepted grub2 2.12~rc1-8 (source) into unstable (Julian Andres Klode)
[2023-09-04] Accepted grub2 2.12~rc1-7 (source) into unstable (Julian Andres Klode)
[2023-09-04] Accepted grub2 2.12~rc1-6 (source amd64) into experimental (Debian FTP Masters) (signed by: Julian Andres Klode)
[2023-07-25] Accepted grub2 2.12~rc1-3 (source) into experimental (Julian Andres Klode)
[2023-07-21] Accepted grub2 2.12~rc1-2 (source) into experimental (Julian Andres Klode)
[2023-07-19] Accepted grub2 2.12~rc1-1 (source) into experimental (Julian Andres Klode)

bugs [bug history graph]

all: 686 715
RC: 17 18
I&N: 505 524
M&W: 162 171
F&P: 2
patch: 60 71

links

homepage
lintian (421, 163)
buildd: logs, checks, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
l10n (89, 80)
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.12-5ubuntu7
245 bugs (17 patches)
patches for 2.12-5ubuntu7