grub-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [SECURITY PATCH 000/117] Multiple GRUB2 vulnerabilities - 2021/03/02


From: Daniel Kiper
Subject: Re: [SECURITY PATCH 000/117] Multiple GRUB2 vulnerabilities - 2021/03/02 round
Date: Tue, 9 Mar 2021 17:58:26 +0100
User-agent: NeoMutt/20170113 (1.7.2)

On Tue, Mar 09, 2021 at 10:57:36AM -0500, Neal Gompa wrote:
> On Tue, Mar 2, 2021 at 4:08 PM Daniel Kiper <daniel.kiper@oracle.com> wrote:
> >
> > Hi Adrian,
> >
> > On Tue, Mar 02, 2021 at 08:37:14PM +0100, John Paul Adrian Glaubitz wrote:
> > > Hi Daniel!
> > >
> > > On 3/2/21 7:00 PM, Daniel Kiper wrote:
> > > > The BootHole vulnerability [1][2] announced last year encouraged many 
> > > > people to
> > > > take a closer look at the security of boot process in general and the 
> > > > GRUB
> > > > bootloader in particular. Due to that, during past few months we were 
> > > > getting
> > > > reports of, and also discovering various security flaws in the GRUB 
> > > > ourselves.
> > > > You can find the list of most severe ones which got CVEs assigned at 
> > > > the end of
> > > > this message. The patch bundle fixing all these issues in the upstream 
> > > > GRUB
> > > > contains 117 patches.
> > >
> > > Huge thanks and kudos to everyone involved fixing all these 
> > > vulnerabilities!
> > >
> > > Given the amount of patches, wouldn't it make sense to push an RC 
> > > candidate
> > > for 2.06 in the near future so that distributions can start shipping the 
> > > pre-
> > > release and avoiding to carry this large amount of patches?
> >
> > I am planning to cut 2.06-rc1 in matter of days...
> >
>
> Any status update on this? The delta between 2.04 and HEAD is huge,
> and I'd rather have a release to work from now...

WIP, expect rc1 by the end of this week...

> 真実はいつも一つ!/ Always, there's only one truth!

Hmmm... Interesting... :-)

Daniel



reply via email to

[Prev in Thread] Current Thread [Next in Thread]