diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2020-08-10 07:42:09 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-08-10 07:42:09 +0200 |
commit | 5e243e40d11d48fe1f3b8bb1a913a5f4700492db (patch) | |
tree | 1aac16ccaba6c0e26aa7a29dc8b54824a3e2314d | |
parent | a2b4123690ff2d0cfbb5d47db0d01f3663c5fb92 (diff) |
Update information on CVE-2020-15705 with (hopefully enough) detailed clarification
-rw-r--r-- | data/CVE/2020.list | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list index aaf7125408..78e3679c60 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -3660,8 +3660,12 @@ CVE-2020-15706 (GRUB2 contains a race condition in grub_script_function_create() NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3 NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=426f57383d647406ae9c628c472059c27cd6e040 CVE-2020-15705 (GRUB2 fails to validate kernel signature when booted directly without ...) - - grub2 <unfixed> (unimportant) - NOTE: Issue does not affect standard SB Debian setup. + - grub2 <not-affected> (Vulnerable code specific in Ubuntu) + NOTE: Debian's grub_linuxefi_secure_validate has different interface than the one in + NOTE: Ubuntu and returns the code from "shim not available" and "kernel signature + NOTE: verification failed". The patch for CVE-2020-15705 is essentially about handling + NOTE: those two cases in the same way when they were previously handled differently, + NOTE: and so not a problem for src:grub2 in Debian. NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3 CVE-2020-15704 [ppp ZDI-CAN-11504] RESERVED |