-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 02 Oct 2023 16:11:34 +0200 Source: grub2 Binary: grub-common grub-common-dbgsym grub-mount-udeb Architecture: mips64el Version: 2.06-3~deb11u6 Distribution: bullseye-security Urgency: medium Maintainer: mipsel Build Daemon (mipsel-osuosl-03) Changed-By: Julian Andres Klode Description: grub-common - GRand Unified Bootloader (common files) grub-mount-udeb - export GRUB filesystems using FUSE (udeb) Changes: grub2 (2.06-3~deb11u6) bullseye-security; urgency=medium . [ Mate Kukri ] * SECURITY UPDATE: Crafted file system images can cause out-of-bounds write and may leak sensitive information into the GRUB pager. - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume- label.patch: fs/ntfs: Fix an OOB read when parsing a volume label - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-bs-for- index-at.patch: fs/ntfs: Fix an OOB read when parsing bitmaps for index attributes - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-dory- entries-fr.patch: fs/ntfs: Fix an OOB read when parsing directory entries from resident and non-resident index attributes - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-reading-data-fhe- reside.patch: fs/ntfs: Fix an OOB read when reading data from the resident $DATA + attribute - CVE-2023-4693 * SECURITY UPDATE: Crafted file system images can cause heap-based buffer overflow and may allow arbitrary code execution and secure boot bypass. - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-write-when-parsing-the- ATTRIBUTE_LIST-.patch: fs/ntfs: Fix an OOB write when parsing the $ATTRIBUTE_LIST attribute for the $MFT file - d/patches/ntfs-cve-fixes/fs-ntfs-Make-code-more-readable.patch fs/ntfs: Make code more readable - CVE-2023-4692 . [ Julian Andres Klode ] * Bump SBAT to grub,4 Checksums-Sha1: 5ff3bd5a19c2d13dbc2fe8d62800fe592f0cd308 10976912 grub-common-dbgsym_2.06-3~deb11u6_mips64el.deb 37bd2c4502977b68ca3d166721236649f1e60a5c 2888720 grub-common_2.06-3~deb11u6_mips64el.deb 959fb4e6c79ba687468b3708394010df35003f4f 412976 grub-mount-udeb_2.06-3~deb11u6_mips64el.udeb 2376a99def7731ae258cb34732f3ddbcfb55c572 11229 grub2_2.06-3~deb11u6_mips64el-buildd.buildinfo Checksums-Sha256: 24c8a1a1896ed575e2daefd7966541c8b9a551c85b0776ec65e65fe820c15dc3 10976912 grub-common-dbgsym_2.06-3~deb11u6_mips64el.deb f1657e3790751038541802e27f297e5701d6b38086bcea6d4a1afa681ffbb11f 2888720 grub-common_2.06-3~deb11u6_mips64el.deb 09672d61e3076d52b0106d53f050d417d16d364011255d589b44e3162e05800e 412976 grub-mount-udeb_2.06-3~deb11u6_mips64el.udeb 56da7fb82b9fdf548eb635f0422054b835980c817e593d0b78444b538b951705 11229 grub2_2.06-3~deb11u6_mips64el-buildd.buildinfo Files: 298a27f2212bdc20c6f49bd81891188b 10976912 debug optional grub-common-dbgsym_2.06-3~deb11u6_mips64el.deb 1473862137967404b72af745439572e0 2888720 admin optional grub-common_2.06-3~deb11u6_mips64el.deb 48f94337e36dd500923dc846c6a294dc 412976 debian-installer optional grub-mount-udeb_2.06-3~deb11u6_mips64el.udeb 8b723f2856d11775b469ab4fddaa56fa 11229 admin optional grub2_2.06-3~deb11u6_mips64el-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXUZVEjohYGA7PDpMojl408mCs9YFAmUcT54ACgkQojl408mC s9YrqBAAoPE0+9RbXWFkrtotI24hjRpACLWTwtaGxcQayi+du0YTh4H5FN5xttRC 621l3KFD1F8M1DtG9ekDzrs029qM66Pxnf2HXqgowdJuLECV/ROHjdk0p8w/ssKQ JSy3deM729fJQVeuSfpfPPuhmD93X4I4CRzWncXnMhygNg4srY6gKEjz+TlNkI87 IQnT20HxR9I6F/c50yi3wjIo+6C29Su6tFAj1VAe2GdXz5JFgQ/gkC3FOmmyTmmf oeuO6/7fH3luaOz78nogagEJry7YcCYBPzIOjA4swO573XFqBa0jsfLGsSrwTuOF 70D42/Gw+6FBbcp/qvjQ/CmNQ+K7j7aABne73wLNdiYMogh/7nz0HVN7++fpIbkZ Ru4j3IFR6gm6s1mQ3AQRGxmF1sCbmbzWNkI/31MeWyJWlwJLxXFYVX4heeU80jn/ aKL8m4VPFu4fI7kW2d2EOQOsNzPliGNKvpnLOs1MA8dOp47nin9bDX8dorYX3dWJ RgbaBcPfIuyI33lgyXsxpIZA0gO75l+ogR8gzp/OT+2bFQOiFvJbvbTdcDFcVv2V NBuCvFLsy2BY/5/Q2PYX77fdZMHKXWVkGWRlrng3HQWVRNIh4/EX0Wta19XPOEUT avx5Gc7CshXOyuzlSmEsPW4OSv2NGiBP6kTifoBXOsyRPJ2+4v4= =prVb -----END PGP SIGNATURE-----