-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 05 Apr 2024 20:50:28 +0200 Source: grub2 Architecture: source Version: 2.12-2~deb13u1 Distribution: trixie Urgency: medium Maintainer: GRUB Maintainers <pkg-grub-devel@alioth-lists.debian.net> Changed-By: Julian Andres Klode <juliank@ubuntu.com> Changes: grub2 (2.12-2~deb13u1) trixie; urgency=medium . [ Mate Kukri ] * Revert peimage to re-use GRUB's image handle (LP: #2057679) (LP: #2054127) * d/build-efi-images: Make sure downstream didn't remove peimage SBAT entry * SECURITY UPDATE: Use-after-free in peimage module [LP: #2054127] - CVE-2024-2312 . [ Julian Andres Klode ] * Bump SBAT level to `grub.peimage,2`; and also bump `grub.debian,5` to make sure we can revoke any downstream users of peimage that forgot to include the grub.peimage component if that should become necessary. Checksums-Sha1: 3f02dff7ddbaf5fd7ae234b5a87727fd4101f881 7414 grub2_2.12-2~deb13u1.dsc b2758104e70879ab5a935e730a043d8bbc1aa0ee 1093680 grub2_2.12-2~deb13u1.debian.tar.xz 51763ea93603ce54cf00371e24c2d98bb7d6af12 14120 grub2_2.12-2~deb13u1_source.buildinfo Checksums-Sha256: 5548a71bf2f6e1a1db1ce78f40eb9fd020f088875704589e1b8e99f65a19c655 7414 grub2_2.12-2~deb13u1.dsc c56fafea39b6ce7c1c6d122eceb5f73f648876644fb57110cdba765edd1a882e 1093680 grub2_2.12-2~deb13u1.debian.tar.xz d9e32e365a4bd1d3a809dd6503c20b8b894ebf53f096b95f9970f631a81035ee 14120 grub2_2.12-2~deb13u1_source.buildinfo Files: 250b35997aa65d042a135a52bb4f3fbc 7414 admin optional grub2_2.12-2~deb13u1.dsc dd636888bc240721bdcf6aae985caeec 1093680 admin optional grub2_2.12-2~deb13u1.debian.tar.xz 7799e9ce990ec274c3f6ed027fd0ec18 14120 admin optional grub2_2.12-2~deb13u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJDBAEBCgAtFiEET7WIqEwt3nmnTHeHb6RY3R2wP3EFAmYQSDEPHGpha0BkZWJp YW4ub3JnAAoJEG+kWN0dsD9xW/8P/3IYae/ZimGKf/AnL8HKmuAFuJfgUX3WsyGO Yxbol7LW1oWocA5o/9cFrpgCX2zYqjCx0AArTIyMb0a0zba3NDHqgQLZpZFfKV6M B70c27iy4v1r3FlqeTGhpVL060rO7pT5Rf28xv5YolRDfY3cqzs4vUl2rCoLW6Z/ ZqX2cqXgSwK2KelY6eBj7Ydn2swuBmmkdquZ8utvL4cHzk4gZ0bAUk/Qkd+TszOd lQPDfQbMRd5Lms7uTogK7OVdG/fJaJRpQ7K6/tbxWXZef56nXW5aLC03myEh/eJw aZU9hVPEYWAjXmgE3icsQPPNR1dZQyCrFIE71GP/0tXTuoB1wE6erHhW2vktzg5I PvcOXQbTn3qcLwSHSTSimgJXl4uxioh2ZduR/WlLeGGKCY1pZSNswnPcPMGk2yqf Tms5yOjxnxeMjdmnHMlrmnJH+XHIC+8gX8+DMRQLr7bSXHsjXsGagnD2FEecjCia rvkqL50vD2mf80T4jokpYlhHLWy02HPsObJCwlV8X/c2yXZVX+lB4b8gfAmSwTwQ X/Oj6/NsYlKdnLoBY39PWc15maDizsXCnoB9W6yqQm7bamoPShzuVuE9EzAKmJbP J5pZpk9UXkwrE1zhbi4gEclIYGhCIZfuaCoge2ubwje/WuRP50Xh+yIYq02Mc6CO aB16XtRM =x8rz -----END PGP SIGNATURE-----