Format: 1.8
Date: Wed, 01 Apr 2026 21:03:46 +0100
Source: grub2
Binary: grub-common grub-common-dbgsym grub-efi grub-efi-arm grub-efi-arm-bin grub-efi-arm-dbg grub-mount-udeb grub-theme-starfield grub-uboot grub-uboot-bin grub-uboot-dbg grub2-common grub2-common-dbgsym
Architecture: armhf
Version: 2.06-13+deb12u2
Distribution: bookworm
Urgency: medium
Maintainer: armhf Build Daemon (arm-conova-01)
Changed-By: Steve McIntyre <93sam@debian.org>
Description:
 grub-common - GRand Unified Bootloader (common files)
 grub-efi - GRand Unified Bootloader, version 2 (dummy package)
 grub-efi-arm - GRand Unified Bootloader, version 2 (ARM UEFI version)
 grub-efi-arm-bin - GRand Unified Bootloader, version 2 (ARM UEFI modules)
 grub-efi-arm-dbg - GRand Unified Bootloader, version 2 (ARM UEFI debug files)
 grub-mount-udeb - export GRUB filesystems using FUSE (udeb)
 grub-theme-starfield - GRand Unified Bootloader, version 2 (starfield theme)
 grub-uboot - GRand Unified Bootloader, version 2 (ARM U-Boot version)
 grub-uboot-bin - GRand Unified Bootloader, version 2 (ARM U-Boot modules)
 grub-uboot-dbg - GRand Unified Bootloader, version 2 (ARM U-Boot debug files)
 grub2-common - GRand Unified Bootloader (common files for version 2)
Changes:
 grub2 (2.06-13+deb12u2) bookworm; urgency=medium
 .
   [ Julian Andres Klode ]
   * Set Protected: yes for -signed packages so they cannot easily be removed
   * debian/patches: Backport to bookworm
 .
   [ Felix Zielcke ]
   * Add salsa-ci.yml and disable blhc and reprotest pipelines.
 .
   [ Luca Boccassi ]
   * salsa-ci: configure for stable builds
 .
   [ Mate Kukri ]
   * Cherry-pick remaining XFS delta from 2.12
   * Cherry-pick upstream vulnerability fixes
   * Cherry-pick extfs regression patch
   * Cherry-pick xfs regression patches
   * Bump SBAT level to grub,5
   * fs/fat: Don't error when mtime is 0 (LP: #2098641)
   * SECURITY UPDATE: video/readers/jpeg: Do not permit duplicate SOF0 markers in JPEG
     - CVE-2024-45774
   * SECURITY UPDATE: commands/extcmd: Missing check for failed allocation
     - CVE-2024-45775
   * SECURITY UPDATE: gettext: Integer overflow leads to heap OOB write or read
     - CVE-2024-45776
   * SECURITY UPDATE: gettext: Integer overflow leads to heap OOB write
     - CVE-2024-45777
   * SECURITY UPDATE: fs/bfs: Integer overflow
     - CVE-2024-45778
   * SECURITY UPDATE: fs/bfs: integer overflow leads to heap OOB read
     - CVE-2024-45779
   * SECURITY UPDATE: fs/tar: Integer overflow leads to heap OOB write
     - CVE-2024-45780
   * SECURITY UPDATE: fs/ufs: `strcpy` use leading to heap OOB write
     - CVE-2024-45781
   * SECURITY UPDATE: fs/hfs: `strcpy` use leading to potential heap OOB write
     - CVE-2024-45782
   * SECURITY UPDATE: fs/hfsplus: incorrect refcount handling leading to UAF
     - CVE-2024-45783
   * SECURITY UPDATE: command/gpg: Use-after-free due to hooks not being removed on module unload
     - CVE-2025-0622
   * SECURITY UPDATE: net: Out-of-bounds write in grub_net_search_config_file()
     - CVE-2025-0624
   * SECURITY UPDATE: UFS: Integer overflow may lead to heap based out-of-bounds write when handling symlinks
     - CVE-2025-0677
   * SECURITY UPDATE: squash4: Integer overflow may lead to heap based out-of-bounds write when reading data
     - CVE-2025-0678
   * SECURITY UPDATE: reiserfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data
     - CVE-2025-0684
   * SECURITY UPDATE: jfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data
     - CVE-2025-0685
   * SECURITY UPDATE: romfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data
     - CVE-2025-0686
   * SECURITY UPDATE: udf: Heap based buffer overflow in grub_udf_read_block() may lead to arbitrary code execution
     - CVE-2025-0689
   * SECURITY UPDATE: read: Integer overflow may lead to out-of-bounds write
     - CVE-2025-0690
   * SECURITY UPDATE: commands/dump: The dump command is not in lockdown when secure boot is enabled
     - CVE-2025-1118
   * SECURITY UPDATE: fs/hfs: Integer overflow may lead to heap based out-of-bounds write
     - CVE-2025-1125
   * SECURITY UPDATE: insmod: incorrect refcount handling leading to UAF [LP: #2055835]
 .
   [ Steve McIntyre ]
   * Drop NTFS patches that seem to be causing regressions
   * Remove NTFS from the monolithic EFI grub image, so we don't sign vulnerable code.
   * Similarly, remove jfs - we have doubts.
   * Bump SBAT levels:
     + grub,5 now we have the 2025 CVE fixes included
     + grub.debian,5
     + grub.debian12,1