-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 13 Feb 2024 18:22:25 -0700 Source: edk2 Architecture: source Version: 2020.11-2+deb11u2 Distribution: bullseye-security Urgency: medium Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org> Changed-By: dann frazier <dannf@debian.org> Changes: edk2 (2020.11-2+deb11u2) bullseye-security; urgency=medium . * Disable the built-in Shell when SecureBoot is enabled, CVE-2023-48733. Thanks to Mate Kukri. LP: #2040137. - Backport support for GetSetupMode() and IsSecureBootEnabled(): + 0001-SecurityPkg-Create-SecureBootVariableLib.patch + 0002-ArmVirtPkg-add-SecureBootVariableLib-class-resolutio.patch + 0003-OvmfPkg-add-SecureBootVariableLib-class-resolution.patch + 0004-SecurityPkg-SecureBootVariableLib-Added-newly-suppor.patch + 0005-EmulatorPkg-add-SecureBootVariableLib-class-resoluti.patch - Disable the built-in Shell when SecureBoot is enabled: + Disable-the-Shell-when-SecureBoot-is-enabled.patch - d/tests: Drop the boot-to-shell tests for images w/ Secure Boot active. Checksums-Sha1: eff7f44242bb8e420e32e5d37cee04de9fdf7333 2828 edk2_2020.11-2+deb11u2.dsc 4018a25d8b3e3d11ecc87270773f1d543f099ba8 7077 edk2_2020.11.orig-qemu-ovmf-secureboot-1-1-3.tar.gz 27b736c57db5b861cdfdf393d2e7b3c1cd3aae31 35826376 edk2_2020.11.orig.tar.xz dc198c6605856cbd9ae767c3540e20c3abe118a0 36620 edk2_2020.11-2+deb11u2.debian.tar.xz 1fa4b12a6233541bdc9680cfe7ed33349d7c1d27 10578 edk2_2020.11-2+deb11u2_source.buildinfo Checksums-Sha256: 443f34e4f9d5e3ff1b6e429faa70eb78590d0e53dc67874e93623c9f4e73ce67 2828 edk2_2020.11-2+deb11u2.dsc f0874d37e5d0a72c27d5f717cb161fd48d252f26bfaf74ebc5761e36b3992363 7077 edk2_2020.11.orig-qemu-ovmf-secureboot-1-1-3.tar.gz 9cfac20ddf4cef38ecf9ad91c56bfbb1ffd1bb9bdd9fb2fbfc529ea5478c330e 35826376 edk2_2020.11.orig.tar.xz 020d35a7be01be34572fc847c9acf78a7b3a5bca0b5c871d77ee11cca88498c7 36620 edk2_2020.11-2+deb11u2.debian.tar.xz b49eb9e86f615f84fdc52f7a8f64ef4e93dc5e45244a7ad0cd6cf23139185c54 10578 edk2_2020.11-2+deb11u2_source.buildinfo Files: 98a5f5290cbd18ad26e4c0b28f65d348 2828 misc optional edk2_2020.11-2+deb11u2.dsc a29d393bad8ee2dd6acac99ebb116e86 7077 misc optional edk2_2020.11.orig-qemu-ovmf-secureboot-1-1-3.tar.gz 64f70e6a2fafb667d05b9b4a6bb8439b 35826376 misc optional edk2_2020.11.orig.tar.xz 1e13a7e5e78c6afe76e625a0ca074636 36620 misc optional edk2_2020.11-2+deb11u2.debian.tar.xz 02a512aaf5274563f1b6ce85da09eb25 10578 misc optional edk2_2020.11-2+deb11u2_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJFBAEBCgAvFiEECfR9vy0y7twkQ+vuG/g8XlT8hkAFAmXMJOERHGRhbm5mQGRl Ymlhbi5vcmcACgkQG/g8XlT8hkCpCg/+IBJla2vfZYK9NbUwWn6tlwbUBf2gUQVt ebOUVwEhgx0VrLia9jivw6AKS+wx/dEVz2ERuOu/LYM57yqNDCDnUNq2bbecmBrD 4gRdRxCP1vDwzOD6z77mrSQJbs9p8WNPH05n7TyZlN1GeoFVDj4dVJwrFsPjrcbX bKn80OGf+URon3OeYLDZlX2IMMVwW9fArSz7Vrht9xd0l2yLAMBC7T/QgpFBa9hr sAXDIwQquf/IAkVbScqgxFKKKack76FYS8RE6STz6DmpJcs9bo/xOz3gnJecB2Bf 1gOxhOAGp73OBpBiQJvLNO7AfyGpwQHtmZIskG1ml6YnumYsgxtPTVOP0U53RFlt 6buag8OpfQuiQbAchJn/fByRTmkllHgOC+AbPBuiLTwzPop6no6a9Xx+0Ma/3/G4 9c4AlRA61M5pJ71Z5s+mERXhTcwjT+2zbNx6Kw2eJB1rSRGSVIAfVri1cP2qIKjs or2ZgJsu74wVMq9BSV2i0vf2UW70EABtERJR0ay+ouNKbH+4R9Vqln+WFvAdUXsi V1pK2P25rtBdDlEb82FtJiKd3mgzkqAIgoZ2Pa5m/27Du8v8m8Nd4jvKQeIBREzq K2Bx3xEhbhwOEYjbrUpljHHFqQ04KqwQbWjGQlwO0yo5BSfyy73zQFiSxQTpXBq1 O79uChuT26M= =UaOW -----END PGP SIGNATURE-----