Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sys-boot/grub: Fix for CVE-2021-3981 #27288

Closed
wants to merge 1 commit into from
Closed

sys-boot/grub: Fix for CVE-2021-3981 #27288

wants to merge 1 commit into from

Conversation

f-denkena
Copy link
Contributor

This commit pulled a patch from GRUB upstream that fixes CVE-2021-3981.

Bug: https://bugs.gentoo.org/835082
Signed-off-by: Federico Denkena federico.denkena@posteo.de

@f-denkena
sys-boot/grub: Fix for CVE-2021-3981
3a87354 
This commit pulled a patch from GRUB upstream that fixes CVE-2021-3981.

Bug: https://bugs.gentoo.org/835082
Signed-off-by: Federico Denkena <federico.denkena@posteo.de>
@f-denkena
Copy link
Contributor Author

All patches have been scrubbed with the gentoo scrub-patches utility to keep the tree clean. Verified to compile on amd64.

@gentoo-bot
Copy link

Pull Request assignment

Submitter: @f-denkena
Areas affected: ebuilds
Packages affected: sys-boot/grub

sys-boot/grub: @floppym, @gentoo/base-system

Linked bugs

Bugs linked: 835082

In order to force reassignment and/or bug reference scan, please append [please reassign] to the pull request title.

Docs: Code of ConductCopyright policy (expl.) ● DevmanualGitHub PRsProxy-maint guide

@gentoo-bot gentoo-bot added assigned PR successfully assigned to the package maintainer(s). bug linked Bug/Closes found in footer, and cross-linked with the PR. security PR that needs to be merged promptly as it addresses security issues labels Sep 16, 2022
@gentoo-repo-qa-bot
Copy link
Collaborator

Pull request CI report

Report generated at: 2022-09-16 22:32 UTC
Newest commit scanned: 3a87354
Status: ✅ good

There are existing issues already. Please look into the report to make sure none of them affect the packages in question:
https://qa-reports.gentoo.org/output/gentoo-ci/e304c11e85/output.html

@floppym
Copy link
Contributor

floppym commented Sep 16, 2022

All patches have been scrubbed with the gentoo scrub-patches utility to keep the tree clean. Verified to compile on amd64.

Please do not mix such "cleanup" changes with a security fix.

@floppym
Copy link
Contributor

floppym commented Sep 16, 2022

Also, removing the metadata generated by git format-patch is counter-productive. There is no reason to run scrub-patch on these files.

@floppym
Copy link
Contributor

floppym commented Sep 16, 2022

Anyway, thanks for the PR. I implemented a similar change in 0123316.

@floppym floppym closed this Sep 16, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@floppym floppym Awaiting requested review from floppym

Assignees
No one assigned
Labels
assigned PR successfully assigned to the package maintainer(s). bug linked Bug/Closes found in footer, and cross-linked with the PR. security PR that needs to be merged promptly as it addresses security issues
Projects
None yet
Milestone
No milestone
4 participants
@f-denkena @gentoo-bot @gentoo-repo-qa-bot @floppym