Debian
grub2 package

grub2 2.04-9 source package in Debian

Changelog

grub2 (2.04-9) unstable; urgency=high

  * Backport security patch series from upstream:
    - CVE-2020-10713: yylex: Make lexer fatal errors actually be fatal
    - safemath: Add some arithmetic primitives that check for overflow
    - calloc: Make sure we always have an overflow-checking calloc()
      available
    - CVE-2020-14308: calloc: Use calloc() at most places
    - CVE-2020-14309, CVE-2020-14310, CVE-2020-14311: malloc: Use overflow
      checking primitives where we do complex allocations
    - iso9660: Don't leak memory on realloc() failures
    - font: Do not load more than one NAME section
    - gfxmenu: Fix double free in load_image()
    - xnu: Fix double free in grub_xnu_devprop_add_property()
    - lzma: Make sure we don't dereference past array
    - term: Fix overflow on user inputs
    - udf: Fix memory leak
    - multiboot2: Fix memory leak if grub_create_loader_cmdline() fails
    - tftp: Do not use priority queue
    - relocator: Protect grub_relocator_alloc_chunk_addr() input args
      against integer underflow/overflow
    - relocator: Protect grub_relocator_alloc_chunk_align() max_addr against
      integer underflow
    - script: Remove unused fields from grub_script_function struct
    - CVE-2020-15706: script: Avoid a use-after-free when redefining a
      function during execution
    - relocator: Fix grub_relocator_alloc_chunk_align() top memory
      allocation
    - hfsplus: fix two more overflows
    - lvm: fix two more potential data-dependent alloc overflows
    - emu: make grub_free(NULL) safe
    - efi: fix some malformed device path arithmetic errors
    - Fix a regression caused by "efi: fix some malformed device path
      arithmetic errors"
    - update safemath with fallback code for gcc older than 5.1
    - efi: Fix use-after-free in halt/reboot path
    - linux loader: avoid overflow on initrd size calculation
  * CVE-2020-15707: linux: Fix integer overflows in initrd size handling
  * Apply overflow checking to allocations in Debian patches:
    - bootp: Fix integer overflow in parse_dhcp6_option
    - unix/config: Fix integer overflow in grub_util_load_config
    - deviceiter: Fix integer overflow in grub_util_iterate_devices

 -- Colin Watson <email address hidden>  Wed, 29 Jul 2020 17:58:37 +0100

Upload details

Uploaded by:
GRUB Maintainers
Uploaded to:
Sid
Original maintainer:
GRUB Maintainers
Architectures:
any
Section:
admin
Urgency:
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Downloads

File Size SHA-256 Checksum
grub2_2.04-9.dsc 7.0 KiB a13b289ffa70a8d0a687ca726cf86c3c94a559d1b69214f45bca9e8ad818e031
grub2_2.04.orig.tar.xz 6.1 MiB e5292496995ad42dabe843a0192cf2a2c502e7ffcc7479398232b10a472df77d
grub2_2.04.orig.tar.xz.asc 833 bytes 955cc63196020e3a70dbb1834ec8b6a1808b1100bc878431c52aa0dd7e6a2532
grub2_2.04-9.debian.tar.xz 1.0 MiB da668d209f7fcf3edd254e792be36d8b07086792578d77d959cf768bd8c8c41a

No changes file available.

Binary packages built by this source