Format: 1.8
Date: Mon, 02 Oct 2023 16:11:34 +0200
Source: grub2
Architecture: source
Version: 2.06-13+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: GRUB Maintainers <pkg-grub-devel@alioth-lists.debian.net>
Changed-By: Julian Andres Klode <jak@debian.org>
Changes:
 grub2 (2.06-13+deb13u1) trixie; urgency=medium
 .
   [ Mate Kukri ]
   * SECURITY UPDATE: Crafted file system images can cause out-of-bounds write
     and may leak sensitive information into the GRUB pager.
     - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-
       label.patch: fs/ntfs: Fix an OOB read when parsing a volume label
     - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-bs-for-
       index-at.patch: fs/ntfs: Fix an OOB read when parsing bitmaps for index
       attributes
     - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-dory-
       entries-fr.patch: fs/ntfs: Fix an OOB read when parsing directory
       entries from resident and non-resident index attributes
     - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-reading-data-fhe-
       reside.patch: fs/ntfs: Fix an OOB read when reading data from the
       resident $DATA attribute
     - CVE-2023-4693
   * SECURITY UPDATE: Crafted file system images can cause heap-based buffer
     overflow and may allow arbitrary code execution and secure boot bypass.
     - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-write-when-parsing-the-
       ATTRIBUTE_LIST-.patch: fs/ntfs: Fix an OOB write when parsing the
       $ATTRIBUTE_LIST attribute for the $MFT file
     - d/patches/ntfs-cve-fixes/fs-ntfs-Make-code-more-readable.patch:
       fs/ntfs: Make code more readable
     - CVE-2023-4692
 .
   [ Julian Andres Klode ]
   * Bump SBAT to grub,4