summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSalvatore Bonaccorso <carnil@debian.org>2020-08-10 07:42:09 +0200
committerSalvatore Bonaccorso <carnil@debian.org>2020-08-10 07:42:09 +0200
commit3ef7c83cedfeaa21c0a1cf8f61e3196170550889 (patch)
tree2e7077912f2fb6be019cea8f525b97b8864e1e3c
parentfc9d04e21dccd0f0bfdc2b58e77f8dd16a61cb6f (diff)
Update information on CVE-2020-15705 with (hopefully enough) detailed clarification
-rw-r--r--data/CVE/list8
1 files changed, 6 insertions, 2 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 7f83d5f4ad..3e0f306a96 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3678,8 +3678,12 @@ CVE-2020-15706 (GRUB2 contains a race condition in grub_script_function_create()
NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3
NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=426f57383d647406ae9c628c472059c27cd6e040
CVE-2020-15705 (GRUB2 fails to validate kernel signature when booted directly without ...)
- - grub2 <unfixed> (unimportant)
- NOTE: Issue does not affect standard SB Debian setup.
+ - grub2 <not-affected> (Vulnerable code specific in Ubuntu)
+ NOTE: Debian's grub_linuxefi_secure_validate has different interface than the one in
+ NOTE: Ubuntu and returns the code from "shim not available" and "kernel signature
+ NOTE: verification failed". The patch for CVE-2020-15705 is essentially about handling
+ NOTE: those two cases in the same way when they were previously handled differently,
+ NOTE: and so not a problem for src:grub2 in Debian.
NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3
CVE-2020-15704 [ppp ZDI-CAN-11504]
RESERVED

© 2014-2024 Faster IT GmbH | imprint | privacy policy