Bug#1061519: shim: CVE-2023-40546 CVE-2023-40547 CVE-2023-40548 CVE-2023-40549 CVE-2023-40550 CVE-2023-40551
On Monday, 15 April 2024, 13:58:19 UTC, Steve McIntyre wrote:
> On Mon, Apr 15, 2024 at 11:33:14AM +, Bastien Roucariès wrote:
> >Source: shim
> >Followup-For: Bug #1061519
> >Control: tags -1 + patch
> >
> >Dear Maintainer,
> >
> >Please find a MR here
> >https://salsa.debian.org/efi-team/shim/-/merge_requests/13
>
> ACK. Thanks for trying to help, but the merge isn't the hard bit here.
>
> The new upstream is a little problematic and I'm debugging some boot
> failures in my local CI already.

I have backported here
https://salsa.debian.org/efi-team/shim/-/merge_requests/14

Need test
Bug#1061519: shim: CVE-2023-40546 CVE-2023-40547 CVE-2023-40548 CVE-2023-40549 CVE-2023-40550 CVE-2023-40551
On Mon, Apr 15, 2024 at 11:33:14AM +, Bastien Roucariès wrote:
>Source: shim
>Followup-For: Bug #1061519
>Control: tags -1 + patch
>
>Dear Maintainer,
>
>Please find a MR here
>https://salsa.debian.org/efi-team/shim/-/merge_requests/13

ACK. Thanks for trying to help, but the merge isn't the hard bit here.

The new upstream is a little problematic and I'm debugging some boot
failures in my local CI already.

--
Steve McIntyre, Cambridge, UK. st...@einval.com
Into the distance, a ribbon of black
Stretched to the point of no turning back
Bug#1061519: shim: CVE-2023-40546 CVE-2023-40547 CVE-2023-40548 CVE-2023-40549 CVE-2023-40550 CVE-2023-40551
Source: shim
Followup-For: Bug #1061519
Control: tags -1 + patch

Dear Maintainer,

Please find a MR here
https://salsa.debian.org/efi-team/shim/-/merge_requests/13

Bastien
Bug#1061519: shim: CVE-2023-40546 CVE-2023-40547 CVE-2023-40548 CVE-2023-40549 CVE-2023-40550 CVE-2023-40551
Source: shim
Version: 15.7-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 15.7-1~deb11u1

Hi,

The following vulnerabilities were published for shim.

According to [6]:

* Various CVE fixes:
  CVE-2023-40546 mok: fix LogError() invocation
  CVE-2023-40547 - avoid incorrectly trusting HTTP headers
  CVE-2023-40548 Fix integer overflow on SBAT section size on 32-bit system
  CVE-2023-40549 Authenticode: verify that the signature header is in bounds.
  CVE-2023-40550 pe: Fix an out-of-bound read in verify_buffer_sbat()
  CVE-2023-40551: pe-relocate: Fix bounds check for MZ binaries

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-40546
    https://www.cve.org/CVERecord?id=CVE-2023-40546
[1] https://security-tracker.debian.org/tracker/CVE-2023-40547
    https://www.cve.org/CVERecord?id=CVE-2023-40547
[2] https://security-tracker.debian.org/tracker/CVE-2023-40548
    https://www.cve.org/CVERecord?id=CVE-2023-40548
[3] https://security-tracker.debian.org/tracker/CVE-2023-40549
    https://www.cve.org/CVERecord?id=CVE-2023-40549
[4] https://security-tracker.debian.org/tracker/CVE-2023-40550
    https://www.cve.org/CVERecord?id=CVE-2023-40550
[5] https://security-tracker.debian.org/tracker/CVE-2023-40551
    https://www.cve.org/CVERecord?id=CVE-2023-40551
[6] https://github.com/rhboot/shim/releases/tag/15.8

Regards,
Salvatore