Format: 1.8
Date: Wed, 01 Apr 2026 21:03:46 +0100
Source: grub2
Binary: grub-common grub-common-dbgsym grub-efi grub-efi-arm grub-efi-arm-bin grub-efi-arm-dbg grub-mount-udeb grub-theme-starfield grub-uboot grub-uboot-bin grub-uboot-dbg grub2-common grub2-common-dbgsym
Architecture: armel
Version: 2.06-13+deb12u2
Distribution: bookworm
Urgency: medium
Maintainer: armel Build Daemon (arm-conova-04)
Changed-By: Steve McIntyre <93sam@debian.org>
Description:
 grub-common - GRand Unified Bootloader (common files)
 grub-efi - GRand Unified Bootloader, version 2 (dummy package)
 grub-efi-arm - GRand Unified Bootloader, version 2 (ARM UEFI version)
 grub-efi-arm-bin - GRand Unified Bootloader, version 2 (ARM UEFI modules)
 grub-efi-arm-dbg - GRand Unified Bootloader, version 2 (ARM UEFI debug files)
 grub-mount-udeb - export GRUB filesystems using FUSE (udeb)
 grub-theme-starfield - GRand Unified Bootloader, version 2 (starfield theme)
 grub-uboot - GRand Unified Bootloader, version 2 (ARM U-Boot version)
 grub-uboot-bin - GRand Unified Bootloader, version 2 (ARM U-Boot modules)
 grub-uboot-dbg - GRand Unified Bootloader, version 2 (ARM U-Boot debug files)
 grub2-common - GRand Unified Bootloader (common files for version 2)
Changes:
 grub2 (2.06-13+deb12u2) bookworm; urgency=medium
 .
   [ Julian Andres Klode ]
   * Set Protected: yes for -signed packages so they cannot easily be removed
   * debian/patches: Backport to bookworm
 .
   [ Felix Zielcke ]
   * Add salsa-ci.yml and disable blhc and reprotest pipelines.
 .
   [ Luca Boccassi ]
   * salsa-ci: configure for stable builds
 .
   [ Mate Kukri ]
   * Cherry-pick remaining XFS delta from 2.12
   * Cherry-pick upstream vulnerability fixes
   * Cherry-pick extfs regression patch
   * Cherry-pick xfs regression patches
   * Bump SBAT level to grub,5
   * fs/fat: Don't error when mtime is 0 (LP: #2098641)
   * SECURITY UPDATE: video/readers/jpeg: Do not permit duplicate SOF0 markers in JPEG
     - CVE-2024-45774
   * SECURITY UPDATE: commands/extcmd: Missing check for failed allocation
     - CVE-2024-45775
   * SECURITY UPDATE: gettext: Integer overflow leads to heap OOB write or read
     - CVE-2024-45776
   * SECURITY UPDATE: gettext: Integer overflow leads to heap OOB write
     - CVE-2024-45777
   * SECURITY UPDATE: fs/bfs: Integer overflow
     - CVE-2024-45778
   * SECURITY UPDATE: fs/bfs: integer overflow leads to heap OOB read
     - CVE-2024-45779
   * SECURITY UPDATE: fs/tar: Integer overflow leads to heap OOB write
     - CVE-2024-45780
   * SECURITY UPDATE: fs/ufs: `strcpy` use leading to heap OOB write
     - CVE-2024-45781
   * SECURITY UPDATE: fs/hfs: `strcpy` use leading to potential heap OOB write
     - CVE-2024-45782
   * SECURITY UPDATE: fs/hfsplus: incorrect refcount handling leading to UAF
     - CVE-2024-45783
   * SECURITY UPDATE: command/gpg: Use-after-free due to hooks not being removed on module unload
     - CVE-2025-0622
   * SECURITY UPDATE: net: Out-of-bounds write in grub_net_search_config_file()
     - CVE-2025-0624
   * SECURITY UPDATE: UFS: Integer overflow may lead to heap based out-of-bounds write when handling symlinks
     - CVE-2025-0677
   * SECURITY UPDATE: squash4: Integer overflow may lead to heap based out-of-bounds write when reading data
     - CVE-2025-0678
   * SECURITY UPDATE: reiserfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data
     - CVE-2025-0684
   * SECURITY UPDATE: jfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data
     - CVE-2025-0685
   * SECURITY UPDATE: romfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data
     - CVE-2025-0686
   * SECURITY UPDATE: udf: Heap based buffer overflow in grub_udf_read_block() may lead to arbitrary code execution
     - CVE-2025-0689
   * SECURITY UPDATE: read: Integer overflow may lead to out-of-bounds write
     - CVE-2025-0690
   * SECURITY UPDATE: commands/dump: The dump command is not in lockdown when secure boot is enabled
     - CVE-2025-1118
   * SECURITY UPDATE: fs/hfs: Integer overflow may lead to heap based out-of-bounds write
     - CVE-2025-1125
   * SECURITY UPDATE: insmod: incorrect refcount handling leading to UAF [LP: #2055835]
 .
   [ Steve McIntyre ]
   * Drop NTFS patches that seem to be causing regressions
   * Remove NTFS from the monolithic EFI grub image, so we don't sign vulnerable code.
   * Similarly, remove jfs - we have doubts.
   * Bump SBAT levels:
     + grub,5 now we have the 2025 CVE fixes included
     + grub.debian,5
     + grub.debian12,1