Re: [SECURITY PATCH 000/117] Multiple GRUB2 vulnerabilities

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [SECURITY PATCH 000/117] Multiple GRUB2 vulnerabilities - 2021/03/02

From:	Neal Gompa
Subject:	Re: [SECURITY PATCH 000/117] Multiple GRUB2 vulnerabilities - 2021/03/02 round
Date:	Tue, 9 Mar 2021 10:57:36 -0500

On Tue, Mar 2, 2021 at 4:08 PM Daniel Kiper <daniel.kiper@oracle.com> wrote:
>
> Hi Adrian,
>
> On Tue, Mar 02, 2021 at 08:37:14PM +0100, John Paul Adrian Glaubitz wrote:
> > Hi Daniel!
> >
> > On 3/2/21 7:00 PM, Daniel Kiper wrote:
> > > The BootHole vulnerability [1][2] announced last year encouraged many 
> > > people to
> > > take a closer look at the security of boot process in general and the GRUB
> > > bootloader in particular. Due to that, during past few months we were 
> > > getting
> > > reports of, and also discovering various security flaws in the GRUB 
> > > ourselves.
> > > You can find the list of most severe ones which got CVEs assigned at the 
> > > end of
> > > this message. The patch bundle fixing all these issues in the upstream 
> > > GRUB
> > > contains 117 patches.
> >
> > Huge thanks and kudos to everyone involved fixing all these vulnerabilities!
> >
> > Given the amount of patches, wouldn't it make sense to push an RC candidate
> > for 2.06 in the near future so that distributions can start shipping the 
> > pre-
> > release and avoiding to carry this large amount of patches?
>
> I am planning to cut 2.06-rc1 in matter of days...
>

Any status update on this? The delta between 2.04 and HEAD is huge,
and I'd rather have a release to work from now...


-- 
真実はいつも一つ！/ Always, there's only one truth!

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default, (continued)
- [SECURITY PATCH 117/117] kern/mm: Fix grub_debug_calloc() compilation error, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 110/117] grub-install-common: Add --sbat option, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 113/117] kern/misc: Add STRING type for internal printf() format handling, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 111/117] shim_lock: Only skip loading shim_lock verifier with explicit consent, Daniel Kiper, 2021/03/02
- Re: [SECURITY PATCH 000/117] Multiple GRUB2 vulnerabilities - 2021/03/02 round, John Paul Adrian Glaubitz, 2021/03/02
  - Re: [SECURITY PATCH 000/117] Multiple GRUB2 vulnerabilities - 2021/03/02 round, Bruce Dubbs, 2021/03/02
  - Re: [SECURITY PATCH 000/117] Multiple GRUB2 vulnerabilities - 2021/03/02 round, Daniel Kiper, 2021/03/02
    - Re: [SECURITY PATCH 000/117] Multiple GRUB2 vulnerabilities - 2021/03/02 round, Neal Gompa <=
    - Re: [SECURITY PATCH 000/117] Multiple GRUB2 vulnerabilities - 2021/03/02 round, Daniel Kiper, 2021/03/09
- Re: [SECURITY PATCH 000/117] Multiple GRUB2 vulnerabilities - 2021/03/02 round, Paul Menzel, 2021/03/18
  - Re: [SECURITY PATCH 000/117] Multiple GRUB2 vulnerabilities - 2021/03/02 round, Daniel Kiper, 2021/03/22

Prev by Date: Re: [PATCH] Add chainloaded image as shim's verifiable object
Next by Date: Re: [PATCH v2] Add chainloaded image as shim's verifiable object
Previous by thread: Re: [SECURITY PATCH 000/117] Multiple GRUB2 vulnerabilities - 2021/03/02 round
Next by thread: Re: [SECURITY PATCH 000/117] Multiple GRUB2 vulnerabilities - 2021/03/02 round
Index(es):
- Date
- Thread