-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 01 Apr 2026 21:03:46 +0100
Source: grub2
Binary: grub-common grub-common-dbgsym grub-mount-udeb grub-theme-starfield grub-yeeloong grub-yeeloong-bin grub-yeeloong-dbg grub2-common grub2-common-dbgsym
Architecture: mipsel
Version: 2.06-13+deb12u2
Distribution: bookworm
Urgency: medium
Maintainer: mipsel Build Daemon (mipsel-osuosl-05) <buildd_mips64el-mipsel-osuosl-05@buildd.debian.org>
Changed-By: Steve McIntyre <93sam@debian.org>
Description:
 grub-common - GRand Unified Bootloader (common files)
 grub-mount-udeb - export GRUB filesystems using FUSE (udeb)
 grub-theme-starfield - GRand Unified Bootloader, version 2 (starfield theme)
 grub-yeeloong - GRand Unified Bootloader, version 2 (Yeeloong version)
 grub-yeeloong-bin - GRand Unified Bootloader, version 2 (Yeeloong modules)
 grub-yeeloong-dbg - GRand Unified Bootloader, version 2 (Yeeloong debug files)
 grub2-common - GRand Unified Bootloader (common files for version 2)
Changes:
 grub2 (2.06-13+deb12u2) bookworm; urgency=medium
 .
   [ Julian Andres Klode ]
   * Set Protected: yes for -signed packages so they cannot easily be removed
   * debian/patches: Backport to bookworm
 .
   [ Felix Zielcke ]
   * Add salsa-ci.yml and disable blhc and reprotest pipelines.
 .
   [ Luca Boccassi ]
   * salsa-ci: configure for stable builds
 .
   [ Mate Kukri ]
   * Cherry-pick remaining XFS delta from 2.12
   * Cherry-pick upstream vulnerability fixes
   * Cherry-pick extfs regression patch
   * Cherry-pick xfs regression patches
   * Bump SBAT level to grub,5
   * fs/fat: Don't error when mtime is 0 (LP: #2098641)
   * SECURITY UPDATE: video/readers/jpeg: Do not permit duplicate SOF0 markers in JPEG
     - CVE-2024-45774
   * SECURITY UPDATE: commands/extcmd: Missing check for failed allocation
     - CVE-2024-45775
   * SECURITY UPDATE: gettext: Integer overflow leads to heap OOB write or read
     - CVE-2024-45776
   * SECURITY UPDATE: gettext: Integer overflow leads to heap OOB write
     - CVE-2024-45777
   * SECURITY UPDATE: fs/bfs: Integer overflow
     - CVE-2024-45778
   * SECURITY UPDATE: fs/bfs: integer overflow leads to heap OOB read
     - CVE-2024-45779
   * SECURITY UPDATE: fs/tar: Integer overflow leads to heap OOB write
     - CVE-2024-45780
   * SECURITY UPDATE: fs/ufs: `strcpy` use leading to heap OOB write
     - CVE-2024-45781
   * SECURITY UPDATE: fs/hfs: `strcpy` use leading to potential heap OOB write
     - CVE-2024-45782
   * SECURITY UPDATE: fs/hfsplus: incorrect refcount handling leading to UAF
     - CVE-2024-45783
   * SECURITY UPDATE: command/gpg: Use-after-free due to hooks not being removed on module unload
     - CVE-2025-0622
   * SECURITY UPDATE: net: Out-of-bounds write in grub_net_search_config_file()
     - CVE-2025-0624
   * SECURITY UPDATE: UFS: Integer overflow may lead to heap based out-of-bounds write when handling symlinks
     - CVE-2025-0677
   * SECURITY UPDATE: squash4: Integer overflow may lead to heap based out-of-bounds write when reading data
     - CVE-2025-0678
   * SECURITY UPDATE: reiserfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data
     - CVE-2025-0684
   * SECURITY UPDATE: jfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data
     - CVE-2025-0685
   * SECURITY UPDATE: romfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data
     - CVE-2025-0686
   * SECURITY UPDATE: udf: Heap based buffer overflow in grub_udf_read_block() may lead to arbitrary code execution
     - CVE-2025-0689
   * SECURITY UPDATE: read: Integer overflow may lead to out-of-bounds write
     - CVE-2025-0690
   * SECURITY UPDATE: commands/dump: The dump command is not in lockdown when secure boot is enabled
     - CVE-2025-1118
   * SECURITY UPDATE: fs/hfs: Integer overflow may lead to heap based out-of-bounds write
     - CVE-2025-1125
   * SECURITY UPDATE: insmod: incorrect refcount handling leading to UAF [LP: #2055835]
 .
   [ Steve McIntyre ]
   * Drop NTFS patches that seem to be causing regressions
   * Remove NTFS from the monolithic EFI grub image, so we don't sign
     vulnerable code.
   * Similarly, remove jfs - we have doubts.
   * Bump SBAT levels:
     + grub,5 now we have the 2025 CVE fixes included
     + grub.debian,5
     + grub.debian12,1
Checksums-Sha1:
Checksums-Sha256:
Files:
 ef5e2bf57fa8110f4392ef476716a415 10784624 debug optional grub-common-dbgsym_2.06-13+deb12u2_mipsel.deb
 bf4110e8ef507047b3387cb03f18c764 2871456 admin optional grub-common_2.06-13+deb12u2_mipsel.deb
 18fe2f07d1641a16954331b2908cb06f 449656 debian-installer optional grub-mount-udeb_2.06-13+deb12u2_mipsel.udeb
 55c189c2b46c3633dca3b8e9b1891bc3 2333464 admin optional grub-theme-starfield_2.06-13+deb12u2_mipsel.deb
 c9354667f62931e5d1c2f816809531a4 913260 admin optional grub-yeeloong-bin_2.06-13+deb12u2_mipsel.deb
 ed5a798bbba1f6445dede82bf3045c19 2978048 debug optional grub-yeeloong-dbg_2.06-13+deb12u2_mipsel.deb
 7b09f09afd82301ad6045087fd095915 226988 admin optional grub-yeeloong_2.06-13+deb12u2_mipsel.deb
 2d08948e1f7ee60572953809b907f771 1498120 debug optional grub2-common-dbgsym_2.06-13+deb12u2_mipsel.deb
 bb34a6178895db3694480da91c024a3d 810820 admin optional grub2-common_2.06-13+deb12u2_mipsel.deb
 d01f3fddeb3ebcc75660d0b7cae93c8c 12879 admin optional grub2_2.06-13+deb12u2_mipsel-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----
