-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 02 Oct 2023 16:11:34 +0200
Source: grub2
Binary: grub-common grub-common-dbgsym grub-mount-udeb grub-theme-starfield grub-yeeloong grub-yeeloong-bin grub-yeeloong-dbg grub2-common grub2-common-dbgsym
Architecture: mipsel
Version: 2.06-13+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: mipsel Build Daemon (mipsel-osuosl-03) <buildd_mips64el-mipsel-osuosl-03@buildd.debian.org>
Changed-By: Julian Andres Klode <jak@debian.org>
Description:
 grub-common - GRand Unified Bootloader (common files)
 grub-mount-udeb - export GRUB filesystems using FUSE (udeb)
 grub-theme-starfield - GRand Unified Bootloader, version 2 (starfield theme)
 grub-yeeloong - GRand Unified Bootloader, version 2 (Yeeloong version)
 grub-yeeloong-bin - GRand Unified Bootloader, version 2 (Yeeloong modules)
 grub-yeeloong-dbg - GRand Unified Bootloader, version 2 (Yeeloong debug files)
 grub2-common - GRand Unified Bootloader (common files for version 2)
Changes:
 grub2 (2.06-13+deb12u1) bookworm-security; urgency=medium
 .
   [ Mate Kukri ]
   * SECURITY UPDATE: Crafted file system images can cause out-of-bounds write
     and may leak sensitive information into the GRUB pager.
     - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-
       label.patch:
       fs/ntfs: Fix an OOB read when parsing a volume label
     - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-bs-for-
       index-at.patch:
       fs/ntfs: Fix an OOB read when parsing bitmaps for index attributes
     - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-dory-
       entries-fr.patch:
       fs/ntfs: Fix an OOB read when parsing directory entries from resident and
       non-resident index attributes
     - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-reading-data-fhe-
       reside.patch:
       fs/ntfs: Fix an OOB read when reading data from the resident $DATA +
       attribute
     - CVE-2023-4693
   * SECURITY UPDATE: Crafted file system images can cause heap-based buffer
     overflow and may allow arbitrary code execution and secure boot bypass.
     - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-write-when-parsing-the-
       ATTRIBUTE_LIST-.patch:
       fs/ntfs: Fix an OOB write when parsing the $ATTRIBUTE_LIST attribute for
       the $MFT file
     - d/patches/ntfs-cve-fixes/fs-ntfs-Make-code-more-readable.patch
       fs/ntfs: Make code more readable
     - CVE-2023-4692
 .
   [ Julian Andres Klode ]
   * Bump SBAT to grub,4
Checksums-Sha1:
 cdaf752f92ac1e58bdd88e27b63aa47e51d209f9 10712932 grub-common-dbgsym_2.06-13+deb12u1_mipsel.deb
 cd236387d43a4edc68713c00c2b63ed4ad059e1d 2864696 grub-common_2.06-13+deb12u1_mipsel.deb
 e5c6d8fbc57b270d0c1268cce03b4a405ad58b06 447500 grub-mount-udeb_2.06-13+deb12u1_mipsel.udeb
 6772d04fa4a828604634428c08b067fa4184d1b6 2336292 grub-theme-starfield_2.06-13+deb12u1_mipsel.deb
 2a906580d140254f0739fb934ee9bae58dac7ee8 909156 grub-yeeloong-bin_2.06-13+deb12u1_mipsel.deb
 4c5472b5f9720bbde996a1b958b6bba1d76758db 2961792 grub-yeeloong-dbg_2.06-13+deb12u1_mipsel.deb
 bbfe28f710a11b92fac06dd2f9f72f4e35bae3d4 226180 grub-yeeloong_2.06-13+deb12u1_mipsel.deb
 dc1b19189555e12d2c4c8a99525188dcdbe6035c 1491484 grub2-common-dbgsym_2.06-13+deb12u1_mipsel.deb
 d1ba42ab95c6a74d149cd7f714983ca641599232 809076 grub2-common_2.06-13+deb12u1_mipsel.deb
 b95f79dcabb24cebb8d8a2d21a61d6f48f53b8e2 12549 grub2_2.06-13+deb12u1_mipsel-buildd.buildinfo
Checksums-Sha256:
 ba204f8ee2d64f3c112b991d8f8700516ed074994bd481b6843da98c9b824c00 10712932 grub-common-dbgsym_2.06-13+deb12u1_mipsel.deb
 c095de2686e881338a078826a01a309adb0d8714e5e888134c5a9577c40dda53 2864696 grub-common_2.06-13+deb12u1_mipsel.deb
 49ee3f5146e9f4bcf0a341b0efd0089a41b97524fa54233ae06e85d8a924d388 447500 grub-mount-udeb_2.06-13+deb12u1_mipsel.udeb
 4adf106d88f23f0d08f92f1e28a3ef16213ed8deee0439a5a33456de47738714 2336292 grub-theme-starfield_2.06-13+deb12u1_mipsel.deb
 a2377d4b9e4991cdb1b26eab1d771fae420a6a518cefee2eb24aa612ec46cb4f 909156 grub-yeeloong-bin_2.06-13+deb12u1_mipsel.deb
 e08a7390f665e475fc69f8c90d4c7446a8c4f7c8b6dff6fb2e221b441cce91ad 2961792 grub-yeeloong-dbg_2.06-13+deb12u1_mipsel.deb
 f245e7241316fd98769960abb7e982bc9fa5d35479f592a21b49606b43dfaf40 226180 grub-yeeloong_2.06-13+deb12u1_mipsel.deb
 03f310814dacb3f6a90b97839b0db342782f951e93f8bf4469bfda911bfc9b78 1491484 grub2-common-dbgsym_2.06-13+deb12u1_mipsel.deb
 d987e6d6b2d9f7ef0bb2d43d1cde9b416f4f190ae39638ff191b948c3a97406e 809076 grub2-common_2.06-13+deb12u1_mipsel.deb
 4bfb7ceac382e51484366ed77e5f19f89c0a38b5bf4b4bce78a2e46255f1a979 12549 grub2_2.06-13+deb12u1_mipsel-buildd.buildinfo
Files:
 de36baf37ed103573fa57ae202b66dc9 10712932 debug optional grub-common-dbgsym_2.06-13+deb12u1_mipsel.deb
 1cce38ae62ea3a212482300e694697fd 2864696 admin optional grub-common_2.06-13+deb12u1_mipsel.deb
 26db52bfe6f892a98e94957fd1b0e821 447500 debian-installer optional grub-mount-udeb_2.06-13+deb12u1_mipsel.udeb
 ed97e5bdd0ee976b16ec8dd1af3000eb 2336292 admin optional grub-theme-starfield_2.06-13+deb12u1_mipsel.deb
 53c9263eeec86c6c412d79b7a41c33f2 909156 admin optional grub-yeeloong-bin_2.06-13+deb12u1_mipsel.deb
 d10558f426dfe85e70ded28e9f4f026f 2961792 debug optional grub-yeeloong-dbg_2.06-13+deb12u1_mipsel.deb
 4e55308103c80e4ecfefd0489a427e36 226180 admin optional grub-yeeloong_2.06-13+deb12u1_mipsel.deb
 5ad5f759084d4c7e3f949d0ae8554012 1491484 debug optional grub2-common-dbgsym_2.06-13+deb12u1_mipsel.deb
 c36fe900844aee44869ca72b87e20e1e 809076 admin optional grub2-common_2.06-13+deb12u1_mipsel.deb
 dc30d5e1f6b9c66adf2e60dc5ff63e07 12549 admin optional grub2_2.06-13+deb12u1_mipsel-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXUZVEjohYGA7PDpMojl408mCs9YFAmUcU5cACgkQojl408mC
s9ZpQw//UVVmBXw0nO3dWRe5Wk9yb9dadRNOO4woJwBNwJRn715f7oqH7HQxMfRb
0/wK6cLkMaH2/4a0shDvYobO9OAsldJAG3ocbE86AYQPuDyoM7av0NBqEH18uqis
DRwbnS2wmbm84OpC8LSBkCjYT8esYzGA9mNOmSkS8oPRVk60B9QpArHrwUZ/biOa
eSzmcTQa8R2kiaqkLxNx1wQoWClpPs6xhRIklweYVwBbpK47Z128RWE4rkQtgEGy
mwyWXLvJf4dsTL2re9II48WIVLHUFC1R+vJqE4+VQvJIlerM4Bg8lCNQOGbiIwRv
EYTWK9zM+QWq69NjoxsDvuD7et/YxrfTLk3jAD34YSkgTLr5tio6tCXzCQ3Vckz4
4CfUh4y5l0Xnir7EZslqXq0cBNi5hcvCWrHrUCLA9ID7Pitan/efgqGtZXbkCrX9
CPJwZcO/NPm/Jq0bIBgKUPgMjHyg6cES0WKkz7ieHizfDzyBkr+1rLhKkfpagEsy
s37vrn4n17OqAA8iQmsAGvnUZKfzhbYj6OhRVA2DmELRLZztqgVmBuzWrahdm6At
Xpk2ZP/Qa+0JlaArpBgv6J/Bz/gh3Y/p+HSvHKcO5R4zeResFw1Rz/kkZGOso8Fg
640s/wdwTfk6Z5UUWEXg5+atK9dJZ4gWeMxBmmel77K+HoF6ZhE=
=sj1n
-----END PGP SIGNATURE-----