-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 29 May 2026 12:15:11 +0200 Source: grub2 Architecture: source Version: 2.06-3~deb11u7 Distribution: bullseye-security Urgency: medium Maintainer: GRUB Maintainers <pkg-grub-devel@alioth-lists.debian.net> Changed-By: Emilio Pozuelo Monfort <pochu@debian.org> Changes: grub2 (2.06-3~deb11u7) bullseye-security; urgency=medium . [ Emilio Pozuelo Monfort ] * Non-maintainer upload by the LTS Team. * Backport patches from bookworm: * Cherry-pick remaining XFS delta from 2.12 * Cherry-pick upstream vulnerability fixes * Cherry-pick extfs regression patch * Cherry-pick xfs regression patches * fs/fat: Don't error when mtime is 0 (LP: #2098641) * SECURITY UPDATE: video/readers/jpeg: Do not permit duplicate SOF0 markers in JPEG - CVE-2024-45774 * SECURITY UPDATE: commands/extcmd: Missing check for failed allocation - CVE-2024-45775 * SECURITY UPDATE: gettext: Integer overflow leads to heap OOB write or read - CVE-2024-45776 * SECURITY UPDATE: gettext: Integer overflow leads to heap OOB write - CVE-2024-45777 * SECURITY UPDATE: fs/bfs: Integer overflow - CVE-2024-45778 * SECURITY UPDATE: fs/bfs: integer overflow leads to heap OOB read - CVE-2024-45779 * SECURITY UPDATE: fs/tar: Integer overflow leads to heap OOB write - CVE-2024-45780 * SECURITY UPDATE: fs/ufs: `strcpy` use leading to heap OOB write - CVE-2024-45781 * SECURITY UPDATE: fs/hfs: `strcpy` use leading to potential heap OOB write - CVE-2024-45782 * SECURITY UPDATE: fs/hfsplus: incorrect refcount handling leading to UAF - CVE-2024-45783 * SECURITY UPDATE: command/gpg: Use-after-free due to hooks not being removed on module unload - CVE-2025-0622 * SECURITY UPDATE: net: Out-of-bounds write in grub_net_search_config_file() - CVE-2025-0624 * SECURITY UPDATE: UFS: Integer overflow may lead to heap based out-of-bounds write when handling symlinks - CVE-2025-0677 * SECURITY UPDATE: squash4: Integer overflow may lead to heap based out-of-bounds write when reading data - CVE-2025-0678 * SECURITY UPDATE: reiserfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data - CVE-2025-0684 * SECURITY UPDATE: jfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data - CVE-2025-0685 * SECURITY UPDATE: romfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data - CVE-2025-0686 * SECURITY UPDATE: udf: Heap based buffer overflow in grub_udf_read_block() may lead to arbitrary code execution - CVE-2025-0689 * SECURITY UPDATE: read: Integer overflow may lead to out-of-bounds write - CVE-2025-0690 * SECURITY UPDATE: commands/dump: The dump command is not in lockdown when secure boot is enabled - CVE-2025-1118 * SECURITY UPDATE: fs/hfs: Integer overflow may lead to heap based out-of-bounds write - CVE-2025-1125 * SECURITY UPDATE: insmod: incorrect refcount handling leading to UAF [LP: #2055835] . * build-efi-images: disable jfs and ntfs in efi images * SBAT: - bump to grub,5 - bump to grub.debian,5 - add grub.debian11,1 * signing-template: add Protected: yes, to make it harder to remove signed grub packages once installed. Checksums-Sha1: 1e4d2a20fe8f5461990e1e503581d3b0b5b9de74 7100 grub2_2.06-3~deb11u7.dsc c9f93f1e195ec7a5a21d36a13b469788c0b29f0f 6581924 grub2_2.06.orig.tar.xz 910db38472f2d654a4816a0c3b7b83415502850f 833 grub2_2.06.orig.tar.xz.asc 056b2f8a4f9db2308ef0fa09cb2c8a8998f4d0c3 1140392 grub2_2.06-3~deb11u7.debian.tar.xz 6afeeafef96635626d665397df01074e4f3e4d1a 8783 grub2_2.06-3~deb11u7_source.buildinfo Checksums-Sha256: 6969e4f23b91a1ec82d8e5170a47693d15555b2ece73282445a0733c15ea1e17 7100 grub2_2.06-3~deb11u7.dsc b79ea44af91b93d17cd3fe80bdae6ed43770678a9a5ae192ccea803ebb657ee1 6581924 grub2_2.06.orig.tar.xz b4a3a62a308e97537c21b88ba51174e792bfd77492675eef0cfd75a481e62b22 833 grub2_2.06.orig.tar.xz.asc fc733dc08e1b00470ec845632fc535ba8da054546468d94f629723e9744baa74 1140392 grub2_2.06-3~deb11u7.debian.tar.xz 2c41a3c4960e71ae6853917463869d755fa914d030d18d0c97691726081f27fb 8783 grub2_2.06-3~deb11u7_source.buildinfo Files: 7193a44cd91c0b9ba6d4f3d13229a7b8 7100 admin optional grub2_2.06-3~deb11u7.dsc cf0fd928b1e5479c8108ee52cb114363 6581924 admin optional grub2_2.06.orig.tar.xz 68de7e4d2280d020bcd5a775f16f4827 833 admin optional grub2_2.06.orig.tar.xz.asc 1902bd25eb76fbe761aa024dbf016e78 1140392 admin optional grub2_2.06-3~deb11u7.debian.tar.xz 1c3087c629e908dac2cc54f869563507 8783 admin optional grub2_2.06-3~deb11u7_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmpXP+0ACgkQnUbEiOQ2 gwLc2BAAtBRQOwdWLIBq7A5FYHBVtEFEcz1+ijuq48TD+vXbuTGRn2s86owqclsW FamsQv/LaKPLJYYdz18cB3ACHlgXRHqfCv4e+bbb6CFmkkjyBkx27mIllIYVF/qD y805a49f76eO0LM1xIvE8uPB+FL+YaVVEA+9nwPsTIaKaDdW8MjlkvZHCS6r1vfH tDR+YOyyWger6z7+rwpglpIQkHbFqRAMUuoh2vtkn6IUXd5OFbBpkGiZLlrpqLXw wOHODchu9n1HJiS6ZJE5g3qSJyUZVCeX9q7SRptMPYwmNhmXBwBS9359ct17rLhU On53etyYkeshlgoB1V0F24DUQwJI5dmeAWTWjlEKacoMRzEIUvhCl8a+AvznRMM2 l5S6m4X7iw+SLAesFDj7XNOUBMI2m1ehXC4nVtCi3wXFZYqpg6HoATVmBZJCvgEE AKGVPUAx+8kd1PS7AdU7a0hglESPHo507qqPXgwx0o+hIEFGaeS4ueMed2+ldMDg +ZfpkHPwoqJPFmFWegauYq9f9o4lPjFtmDtoTuBN9iwmgiVfyDjLX2kuEh6sxItL NKT/ixk/J3tWUw8kiPlDvbhCXTSTAm8v4GlFlDy6QCm1LlcboyKi59kqUX2bYbsj 6JNuDzwjju4poOumXGgm/0QvFvMvFnxEmZRZoSjBSoUYNjdtQfI= =R0HH -----END PGP SIGNATURE-----