[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: grub2 CVEs


Are CVE-2021-20225 and CVE-2021-20233 specific to SecureBoot?

- Sylvain

commit 77849e46951112dd87797b84485b40303e3c1239
Author: Utkarsh Gupta <utkarsh@debian.org>
Date:   Thu Mar 4 14:11:27 2021 +0530

    Drop grub2 from dla-needed; ignored

diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index 9b6576aac4..d9e97f30fd 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -56,11 +56,6 @@ golang-github-appc-cni (Thorsten Alteholz)
 golang-gogoprotobuf (Ola Lundqvist)
NOTE: 20210218: If you have any idea why this is called the "skippy peanut butter" issue, I would be mildly interested. (lamby)
- NOTE: 20210303: Suggestion from Salvatore: Handle this in same way as for BootHole in stretch, there is no Secure Boot - NOTE: 20210303: that is "[stretch] - grub2 <ignored> (No SecureBoot support in stretch)"
-  NOTE: 20210303: asked for further clarification from Salvatore. (utkarsh)
 guacamole-server (Anton Gladky)

Reply to: