Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted grub2 2.12~rc1-11 (source) into unstable
Date: Tue, 03 Oct 2023 17:43:33 +0000
Signed by: Julian Andres Klode <jak@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 02 Oct 2023 15:55:25 +0200
Source: grub2
Architecture: source
Version: 2.12~rc1-11
Distribution: unstable
Urgency: medium
Maintainer: GRUB Maintainers <pkg-grub-devel@alioth-lists.debian.net>
Changed-By: Julian Andres Klode <juliank@ubuntu.com>
Changes:
 grub2 (2.12~rc1-11) unstable; urgency=medium
 .
   [ Mate Kukri ]
   * SECURITY UPDATE: Crafted file system images can cause out-of-bounds write
     and may leak sensitive information into the GRUB pager.
     - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-
       label.patch:
       fs/ntfs: Fix an OOB read when parsing a volume label
     - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-bs-for-
       index-at.patch:
       fs/ntfs: Fix an OOB read when parsing bitmaps for index attributes
     - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-dory-
       entries-fr.patch:
       fs/ntfs: Fix an OOB read when parsing directory entries from resident and
       non-resident index attributes
     - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-reading-data-fhe-
       reside.patch:
       fs/ntfs: Fix an OOB read when reading data from the resident $DATA +
       attribute
     - CVE-2023-4693
   * SECURITY UPDATE: Crafted file system images can cause heap-based buffer
     overflow and may allow arbitrary code execution and secure boot bypass.
     - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-write-when-parsing-the-
       ATTRIBUTE_LIST-.patch:
       fs/ntfs: Fix an OOB write when parsing the $ATTRIBUTE_LIST attribute for
       the $MFT file
     - d/patches/ntfs-cve-fixes/fs-ntfs-Make-code-more-readable.patch
       fs/ntfs: Make code more readable
     - CVE-2023-4692
   * efi: Cleanup peimage.c
 .
   [ Julian Andres Klode ]
   * Bump SBAT to grub,4
Checksums-Sha1:
 4d4e589c43a6a69805e563ae2ca757bdf8211991 7151 grub2_2.12~rc1-11.dsc
 c97e47a9167999420135ba8fd3964a02d0c2f0b5 1073004 grub2_2.12~rc1-11.debian.tar.xz
 63c2b510c7136a62016fb391804cd8b0cdb17eb4 13791 grub2_2.12~rc1-11_source.buildinfo
Checksums-Sha256:
 4b023c64b6ab557ab715580bc86afcaa905820589f2f9881a7cd01bb522c58d8 7151 grub2_2.12~rc1-11.dsc
 a18a10e886fc281f1d8951af2a09d06b9e82647b096567c056a7e02446c54cb2 1073004 grub2_2.12~rc1-11.debian.tar.xz
 e4484edf3feb9591b1f2486b92c90da599c0237bb977450d6d3d2531f1bbdb54 13791 grub2_2.12~rc1-11_source.buildinfo
Files:
 f26e3450de485d0adbaf5fccee56e25a 7151 admin optional grub2_2.12~rc1-11.dsc
 69fab14f3f75c161d76616babccef7d7 1073004 admin optional grub2_2.12~rc1-11.debian.tar.xz
 ae804839e8b11fc8a9fa9fffd9026767 13791 admin optional grub2_2.12~rc1-11_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJDBAEBCgAtFiEET7WIqEwt3nmnTHeHb6RY3R2wP3EFAmUazmIPHGpha0BkZWJp
YW4ub3JnAAoJEG+kWN0dsD9xNFwQAIjh4T7aOxUuiYIaOXrtpM+qP66eYjecwqK2
FQEBm0F7TGAv+X83RsnwwkzmxKGXQpTNt/PAArVryBx+xXr0AQv3kLBdXaSIJtQz
5yT+fhMVRwQqF5kGrTcjkZoRryO7tYHpDRH4gpllI5ggkJbToqqoaQNYcdA+yBWt
8HZ5ujgz8OnaP4ycZS7pwG8eB/HLCPSoPZDcT7Yte4X7Em57ypRIVvKaGFv+xxmc
m7dQo1iOwWUUNKt1bT5v5pnkUw0LFUQnCR8OC3IWejBnNAWe6IFj/rNX0d1oAsso
TNfQoEDLg5Ckgs1sSap7aE9s8rkvVeZd/bzaQvmfEtiN4yu0Op0W2k8w60Ff8aqc
HXNX0wAaMZ1d79DGXD3DK5itDczATtwC6iXqVXwo1uzlvnnSLmrKRtPkx2q2F73Y
n7nBcz4dECywOaVApuH4paRb9nXHfN7fsbIbpBMrSGR8Xs4YAgJqBubMeudbVOx+
4CS6PxUXGV469ePSnJtzkPVqh21IpH/BoQe9Dq1NPMvaeIF1seQr3pXxu2/69tJO
yK1d79EkNbI/dCoWTrPlhv/x/O8UdYGqBwaB6dnqu4P4pYBFvjcW2dxteJ0rQX5g
e7/Owpstqo++bXwEEPzm4cWSyfEY+x55EeEXdgd2HEOByhkq1ye43Y2o4hbhxjCx
Br6oWMc4
=B8oo
-----END PGP SIGNATURE-----
News for package grub2
