Package: grub2 Tags: security Hi,
Although there are patches in `debian/patches/cve_2022_2601/`, they are not used by `debian/patches/series`. So the vulnerability is still not fixed in buster even its SBAT==3.
Bullseye seems OK. However, it seems debian's SBAT numbers should be bumped, so bullseye also needs an update.
Best Regards, Zhang Boyang

