On Tue, Nov 22, 2022 at 05:00:47PM +0800, Zhang Boyang wrote:
>Package: grub2
>Tags: security
>
>Hi,
>
>Although there are patches in `debian/patches/cve_2022_2601/`, they are not
>used by `debian/patches/series`. So the vulnerability is still not fixed in
>buster even its SBAT==3.

Aw, crap. :-( Looks like I lost a change when switching between
branches when testing locally.

Thanks for reporting this!

>Bullseye seems OK. However, it seems debian's SBAT numbers should be bumped,
>so bullseye also needs an update.

ACK, I'll work stuff out.

-- 
Steve McIntyre, Cambridge, UK.                                [email protected]
Google-bait:       https://www.debian.org/CD/free-linux-cd
  Debian does NOT ship free CDs. Please do NOT contact the mailing
  lists asking us to send them to you.

Reply via email to