Re: Bug#991691: Possible CVE-2014-5461 in grub2

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bug#991691: Possible CVE-2014-5461 in grub2

From:	Daniel Kiper
Subject:	Re: Bug#991691: Possible CVE-2014-5461 in grub2
Date:	Mon, 9 Aug 2021 13:58:04 +0200
User-agent:	NeoMutt/20170113 (1.7.2)

Hi,

On Fri, Jul 30, 2021 at 08:55:06PM +0400, Movses Tovmasyan wrote:
> Package: grub2
> Version: 2.02~beta3-5+deb9u2
> Tags: patch
>
> grub2 uses the obsolete version of minilua
> (single-file port of Lua) which has CVE-2014-5461
> Patch attached below.

Thanks for the report. This patch does not apply to the GRUB upstream
because it does not contain the Lua support.

Daniel

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Bug#991691: Possible CVE-2014-5461 in grub2, Daniel Kiper <=

Prev by Date: Re: [PATCH 2/2] autogen.sh: Detect python
Next by Date: Re: [PATCH v3 1/4] ieee1275: Move #defines into common ieee1275.h header
Previous by thread: [PATCH v4 0/5] Support Argon2 KDF in LUKS2
Next by thread: blscfg module $early_initrd and $default_kernelopts variables
Index(es):
- Date
- Thread