grub2: CVE-2015-8370: buffer overflow when checking password entered during bootup

Related Vulnerabilities: CVE-2015-8370  

Debian Bug report logs - #807614
Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Thu, 10 Dec 2015 21:45:01 UTC

Severity: important

Tags: patch, security, upstream

Merged with 808122

Found in versions grub2/1.99-27, grub2/1.98+20100804-14

Fixed in versions grub2/1.98+20100804-14+squeeze2, grub2/2.02~beta2-33, grub2/2.02~beta2-22+deb8u1, grub2/1.99-27+deb7u3

Done: Santiago Ruano Rincón <santiagorr@riseup.net>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org>:
Bug#807614; Package src:grub2. (Thu, 10 Dec 2015 21:45:05 GMT) (full text, mbox, link).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org>. (Thu, 10 Dec 2015 21:45:05 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: grub2: CVE-2015-8370: buffer overflow when checking password entered during bootup
Date: Thu, 10 Dec 2015 22:43:41 +0100
Source: grub2
Version: 1.99-27
Severity: important
Tags: security upstream patch

Hi,

the following vulnerability was published for grub2.

CVE-2015-8370[0]:
buffer overflow when checking password entered during bootup

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-8370
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1286966

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Marked as found in versions grub2/1.98+20100804-14. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 13 Dec 2015 07:15:03 GMT) (full text, mbox, link).


Marked as fixed in versions grub2/1.98+20100804-14+squeeze2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 13 Dec 2015 07:15:04 GMT) (full text, mbox, link).


Merged 807614 808122 Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 16 Dec 2015 09:51:10 GMT) (full text, mbox, link).


Message #12 received at 808122-close@bugs.debian.org (full text, mbox, reply):

From: Colin Watson <cjwatson@debian.org>
To: 808122-close@bugs.debian.org
Subject: Bug#808122: fixed in grub2 2.02~beta2-33
Date: Wed, 16 Dec 2015 10:39:53 +0000
Source: grub2
Source-Version: 2.02~beta2-33

We believe that the bug you reported is fixed in the latest version of
grub2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 808122@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated grub2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 16 Dec 2015 09:46:22 +0000
Source: grub2
Binary: grub2 grub-linuxbios grub-efi grub-common grub2-common grub-emu grub-emu-dbg grub-pc-bin grub-pc-dbg grub-pc grub-rescue-pc grub-coreboot-bin grub-coreboot-dbg grub-coreboot grub-efi-ia32-bin grub-efi-ia32-dbg grub-efi-ia32 grub-efi-amd64-bin grub-efi-amd64-dbg grub-efi-amd64 grub-efi-ia64-bin grub-efi-ia64-dbg grub-efi-ia64 grub-efi-arm-bin grub-efi-arm-dbg grub-efi-arm grub-efi-arm64-bin grub-efi-arm64-dbg grub-efi-arm64 grub-ieee1275-bin grub-ieee1275-dbg grub-ieee1275 grub-firmware-qemu grub-uboot-bin grub-uboot-dbg grub-uboot grub-xen-bin grub-xen-dbg grub-xen grub-xen-host grub-yeeloong-bin grub-yeeloong-dbg grub-yeeloong grub-theme-starfield grub-mount-udeb
Architecture: source
Version: 2.02~beta2-33
Distribution: unstable
Urgency: high
Maintainer: GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
 grub-common - GRand Unified Bootloader (common files)
 grub-coreboot - GRand Unified Bootloader, version 2 (Coreboot version)
 grub-coreboot-bin - GRand Unified Bootloader, version 2 (Coreboot binaries)
 grub-coreboot-dbg - GRand Unified Bootloader, version 2 (Coreboot debug files)
 grub-efi   - GRand Unified Bootloader, version 2 (dummy package)
 grub-efi-amd64 - GRand Unified Bootloader, version 2 (EFI-AMD64 version)
 grub-efi-amd64-bin - GRand Unified Bootloader, version 2 (EFI-AMD64 binaries)
 grub-efi-amd64-dbg - GRand Unified Bootloader, version 2 (EFI-AMD64 debug files)
 grub-efi-arm - GRand Unified Bootloader, version 2 (ARM UEFI version)
 grub-efi-arm-bin - GRand Unified Bootloader, version 2 (ARM UEFI binaries)
 grub-efi-arm-dbg - GRand Unified Bootloader, version 2 (ARM UEFI debug files)
 grub-efi-arm64 - GRand Unified Bootloader, version 2 (ARM64 UEFI version)
 grub-efi-arm64-bin - GRand Unified Bootloader, version 2 (ARM64 UEFI binaries)
 grub-efi-arm64-dbg - GRand Unified Bootloader, version 2 (ARM64 UEFI debug files)
 grub-efi-ia32 - GRand Unified Bootloader, version 2 (EFI-IA32 version)
 grub-efi-ia32-bin - GRand Unified Bootloader, version 2 (EFI-IA32 binaries)
 grub-efi-ia32-dbg - GRand Unified Bootloader, version 2 (EFI-IA32 debug files)
 grub-efi-ia64 - GRand Unified Bootloader, version 2 (IA64 version)
 grub-efi-ia64-bin - GRand Unified Bootloader, version 2 (IA64 binaries)
 grub-efi-ia64-dbg - GRand Unified Bootloader, version 2 (IA64 debug files)
 grub-emu   - GRand Unified Bootloader, version 2 (emulated version)
 grub-emu-dbg - GRand Unified Bootloader, version 2 (emulated debug files)
 grub-firmware-qemu - GRUB firmware image for QEMU
 grub-ieee1275 - GRand Unified Bootloader, version 2 (Open Firmware version)
 grub-ieee1275-bin - GRand Unified Bootloader, version 2 (Open Firmware binaries)
 grub-ieee1275-dbg - GRand Unified Bootloader, version 2 (Open Firmware debug files)
 grub-linuxbios - GRand Unified Bootloader, version 2 (dummy package)
 grub-mount-udeb - export GRUB filesystems using FUSE (udeb)
 grub-pc    - GRand Unified Bootloader, version 2 (PC/BIOS version)
 grub-pc-bin - GRand Unified Bootloader, version 2 (PC/BIOS binaries)
 grub-pc-dbg - GRand Unified Bootloader, version 2 (PC/BIOS debug files)
 grub-rescue-pc - GRUB bootable rescue images, version 2 (PC/BIOS version)
 grub-theme-starfield - GRand Unified Bootloader, version 2 (starfield theme)
 grub-uboot - GRand Unified Bootloader, version 2 (ARM U-Boot version)
 grub-uboot-bin - GRand Unified Bootloader, version 2 (ARM U-Boot binaries)
 grub-uboot-dbg - GRand Unified Bootloader, version 2 (ARM U-Boot debug files)
 grub-xen   - GRand Unified Bootloader, version 2 (Xen version)
 grub-xen-bin - GRand Unified Bootloader, version 2 (Xen binaries)
 grub-xen-dbg - GRand Unified Bootloader, version 2 (Xen debug files)
 grub-xen-host - GRand Unified Bootloader, version 2 (Xen host version)
 grub-yeeloong - GRand Unified Bootloader, version 2 (Yeeloong version)
 grub-yeeloong-bin - GRand Unified Bootloader, version 2 (Yeeloong binaries)
 grub-yeeloong-dbg - GRand Unified Bootloader, version 2 (Yeeloong debug files)
 grub2      - GRand Unified Bootloader, version 2 (dummy package)
 grub2-common - GRand Unified Bootloader (common files for version 2)
Closes: 807385 808122
Changes:
 grub2 (2.02~beta2-33) unstable; urgency=high
 .
   [ Mathieu Trudel-Lapierre ]
   * Cherry-picks to better handle TFTP timeouts on some arches: (LP: #1521612)
     - (7b386b7) efidisk: move device path helpers in core for efinet
     - (c52ae40) efinet: skip virtual IP devices when enumerating cards
     - (f348aee) efinet: enable hardware filters when opening interface
 .
   [ Lee Trager ]
   * Add raid5rec and raid6rec to signed EFI images (closes: #807385).
 .
   [ Colin Watson ]
   * CVE-2015-8370: Fix authentication bypass via backspace integer underflow
     (closes: #808122).




Information forwarded to debian-bugs-dist@lists.debian.org, GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org>:
Bug#807614; Package src:grub2. (Wed, 16 Dec 2015 11:24:06 GMT) (full text, mbox, link).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org>. (Wed, 16 Dec 2015 11:24:06 GMT) (full text, mbox, link).


Message #17 received at 807614@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: 807614@bugs.debian.org
Subject: Re: Bug#807614: grub2: CVE-2015-8370: buffer overflow when checking password entered during bootup
Date: Wed, 16 Dec 2015 12:22:06 +0100
[Message part 1 (text/plain, inline)]
Control: tags -1 + patch

Hi

Attached is proposed debdiff for the unstable version.

Regards,
Salvatore
[grub2_2.02~beta2-32.1.debdiff (text/plain, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org>:
Bug#807614; Package src:grub2. (Wed, 16 Dec 2015 11:51:04 GMT) (full text, mbox, link).


Acknowledgement sent to Colin Watson <cjwatson@debian.org>:
Extra info received and forwarded to list. Copy sent to GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org>. (Wed, 16 Dec 2015 11:51:04 GMT) (full text, mbox, link).


Message #22 received at 807614@bugs.debian.org (full text, mbox, reply):

From: Colin Watson <cjwatson@debian.org>
To: Salvatore Bonaccorso <carnil@debian.org>, 807614@bugs.debian.org
Subject: Re: Bug#807614: grub2: CVE-2015-8370: buffer overflow when checking password entered during bootup
Date: Wed, 16 Dec 2015 11:49:21 +0000
On Wed, Dec 16, 2015 at 12:22:06PM +0100, Salvatore Bonaccorso wrote:
> Attached is proposed debdiff for the unstable version.

Thanks; but I already uploaded a cherry-pick of the (slightly different)
upstream patch.

-- 
Colin Watson                                       [cjwatson@debian.org]



Information forwarded to debian-bugs-dist@lists.debian.org, GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org>:
Bug#807614; Package src:grub2. (Wed, 16 Dec 2015 12:27:04 GMT) (full text, mbox, link).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org>. (Wed, 16 Dec 2015 12:27:04 GMT) (full text, mbox, link).


Message #27 received at 807614@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Colin Watson <cjwatson@debian.org>
Cc: 807614@bugs.debian.org, Debian Security Team <team@security.debian.org>
Subject: Re: Bug#807614: grub2: CVE-2015-8370: buffer overflow when checking password entered during bootup
Date: Wed, 16 Dec 2015 13:25:32 +0100
Hi Colin,

On Wed, Dec 16, 2015 at 11:49:21AM +0000, Colin Watson wrote:
> On Wed, Dec 16, 2015 at 12:22:06PM +0100, Salvatore Bonaccorso wrote:
> > Attached is proposed debdiff for the unstable version.
> 
> Thanks; but I already uploaded a cherry-pick of the (slightly different)
> upstream patch.

Great, thanks. Updates for wheezy- and jessie-security were prepared by
Santiago already, and Luciano Bello planned to release the DSA update,
so no work needed for those FWIW.

Regards,
Salvatore



Information forwarded to debian-bugs-dist@lists.debian.org, GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org>:
Bug#807614; Package src:grub2. (Thu, 17 Dec 2015 22:21:07 GMT) (full text, mbox, link).


Acknowledgement sent to Thomas Morgan <tmorgan@cc-llc.net>:
Extra info received and forwarded to list. Copy sent to GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org>. (Thu, 17 Dec 2015 22:21:07 GMT) (full text, mbox, link).


Message #32 received at 807614@bugs.debian.org (full text, mbox, reply):

From: Thomas Morgan <tmorgan@cc-llc.net>
To: 807614@bugs.debian.org
Subject: Re: grub2: CVE-2015-8370: buffer overflow when checking password entered during bootup
Date: Thu, 17 Dec 2015 17:14:10 -0500
On Thu, 10 Dec 2015 22:43:41 +0100 Salvatore Bonaccorso wrote:
> Source: grub2
> Version: 1.99-27
> Severity: important
> Tags: security upstream patch
> 
> Hi,
> 
> the following vulnerability was published for grub2.
> 
> CVE-2015-8370[0]:
> buffer overflow when checking password entered during bootup
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2015-8370
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1286966
> 
> Please adjust the affected versions in the BTS as needed.
> 
> Regards,
> Salvatore
> 
> 



Information forwarded to debian-bugs-dist@lists.debian.org, GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org>:
Bug#807614; Package src:grub2. (Thu, 17 Dec 2015 22:21:09 GMT) (full text, mbox, link).


Acknowledgement sent to Thomas Morgan <tmorgan@cc-llc.net>:
Extra info received and forwarded to list. Copy sent to GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org>. (Thu, 17 Dec 2015 22:21:09 GMT) (full text, mbox, link).


Message #37 received at 807614@bugs.debian.org (full text, mbox, reply):

From: Thomas Morgan <tmorgan@cc-llc.net>
To: 807614@bugs.debian.org
Subject: Re: grub2: CVE-2015-8370: buffer overflow when checking password entered during bootup
Date: Thu, 17 Dec 2015 17:14:11 -0500
On Thu, 10 Dec 2015 22:43:41 +0100 Salvatore Bonaccorso wrote:
> Source: grub2
> Version: 1.99-27
> Severity: important
> Tags: security upstream patch
> 
> Hi,
> 
> the following vulnerability was published for grub2.
> 
> CVE-2015-8370[0]:
> buffer overflow when checking password entered during bootup
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2015-8370
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1286966
> 
> Please adjust the affected versions in the BTS as needed.
> 
> Regards,
> Salvatore
> 
> 



Reply sent to Santiago Ruano Rincón <santiagorr@riseup.net>:
You have taken responsibility. (Sun, 20 Dec 2015 18:06:12 GMT) (full text, mbox, link).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sun, 20 Dec 2015 18:06:13 GMT) (full text, mbox, link).


Message #42 received at 807614-close@bugs.debian.org (full text, mbox, reply):

From: Santiago Ruano Rincón <santiagorr@riseup.net>
To: 807614-close@bugs.debian.org
Subject: Bug#807614: fixed in grub2 2.02~beta2-22+deb8u1
Date: Sun, 20 Dec 2015 18:02:14 +0000
Source: grub2
Source-Version: 2.02~beta2-22+deb8u1

We believe that the bug you reported is fixed in the latest version of
grub2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 807614@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Santiago Ruano Rincón <santiagorr@riseup.net> (supplier of updated grub2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 12 Dec 2015 20:18:02 +0100
Source: grub2
Binary: grub2 grub-linuxbios grub-efi grub-common grub2-common grub-emu grub-emu-dbg grub-pc-bin grub-pc-dbg grub-pc grub-rescue-pc grub-coreboot-bin grub-coreboot-dbg grub-coreboot grub-efi-ia32-bin grub-efi-ia32-dbg grub-efi-ia32 grub-efi-amd64-bin grub-efi-amd64-dbg grub-efi-amd64 grub-efi-ia64-bin grub-efi-ia64-dbg grub-efi-ia64 grub-efi-arm-bin grub-efi-arm-dbg grub-efi-arm grub-efi-arm64-bin grub-efi-arm64-dbg grub-efi-arm64 grub-ieee1275-bin grub-ieee1275-dbg grub-ieee1275 grub-firmware-qemu grub-uboot-bin grub-uboot-dbg grub-uboot grub-xen-bin grub-xen-dbg grub-xen grub-xen-host grub-yeeloong-bin grub-yeeloong-dbg grub-yeeloong grub-theme-starfield grub-mount-udeb
Architecture: source
Version: 2.02~beta2-22+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org>
Changed-By: Santiago Ruano Rincón <santiagorr@riseup.net>
Description:
 grub-common - GRand Unified Bootloader (common files)
 grub-coreboot - GRand Unified Bootloader, version 2 (Coreboot version)
 grub-coreboot-bin - GRand Unified Bootloader, version 2 (Coreboot binaries)
 grub-coreboot-dbg - GRand Unified Bootloader, version 2 (Coreboot debug files)
 grub-efi   - GRand Unified Bootloader, version 2 (dummy package)
 grub-efi-amd64 - GRand Unified Bootloader, version 2 (EFI-AMD64 version)
 grub-efi-amd64-bin - GRand Unified Bootloader, version 2 (EFI-AMD64 binaries)
 grub-efi-amd64-dbg - GRand Unified Bootloader, version 2 (EFI-AMD64 debug files)
 grub-efi-arm - GRand Unified Bootloader, version 2 (ARM UEFI version)
 grub-efi-arm-bin - GRand Unified Bootloader, version 2 (ARM UEFI binaries)
 grub-efi-arm-dbg - GRand Unified Bootloader, version 2 (ARM UEFI debug files)
 grub-efi-arm64 - GRand Unified Bootloader, version 2 (ARM64 UEFI version)
 grub-efi-arm64-bin - GRand Unified Bootloader, version 2 (ARM64 UEFI binaries)
 grub-efi-arm64-dbg - GRand Unified Bootloader, version 2 (ARM64 UEFI debug files)
 grub-efi-ia32 - GRand Unified Bootloader, version 2 (EFI-IA32 version)
 grub-efi-ia32-bin - GRand Unified Bootloader, version 2 (EFI-IA32 binaries)
 grub-efi-ia32-dbg - GRand Unified Bootloader, version 2 (EFI-IA32 debug files)
 grub-efi-ia64 - GRand Unified Bootloader, version 2 (IA64 version)
 grub-efi-ia64-bin - GRand Unified Bootloader, version 2 (IA64 binaries)
 grub-efi-ia64-dbg - GRand Unified Bootloader, version 2 (IA64 debug files)
 grub-emu   - GRand Unified Bootloader, version 2 (emulated version)
 grub-emu-dbg - GRand Unified Bootloader, version 2 (emulated debug files)
 grub-firmware-qemu - GRUB firmware image for QEMU
 grub-ieee1275 - GRand Unified Bootloader, version 2 (Open Firmware version)
 grub-ieee1275-bin - GRand Unified Bootloader, version 2 (Open Firmware binaries)
 grub-ieee1275-dbg - GRand Unified Bootloader, version 2 (Open Firmware debug files)
 grub-linuxbios - GRand Unified Bootloader, version 2 (dummy package)
 grub-mount-udeb - export GRUB filesystems using FUSE (udeb)
 grub-pc    - GRand Unified Bootloader, version 2 (PC/BIOS version)
 grub-pc-bin - GRand Unified Bootloader, version 2 (PC/BIOS binaries)
 grub-pc-dbg - GRand Unified Bootloader, version 2 (PC/BIOS debug files)
 grub-rescue-pc - GRUB bootable rescue images, version 2 (PC/BIOS version)
 grub-theme-starfield - GRand Unified Bootloader, version 2 (starfield theme)
 grub-uboot - GRand Unified Bootloader, version 2 (ARM U-Boot version)
 grub-uboot-bin - GRand Unified Bootloader, version 2 (ARM U-Boot binaries)
 grub-uboot-dbg - GRand Unified Bootloader, version 2 (ARM U-Boot debug files)
 grub-xen   - GRand Unified Bootloader, version 2 (Xen version)
 grub-xen-bin - GRand Unified Bootloader, version 2 (Xen binaries)
 grub-xen-dbg - GRand Unified Bootloader, version 2 (Xen debug files)
 grub-xen-host - GRand Unified Bootloader, version 2 (Xen host version)
 grub-yeeloong - GRand Unified Bootloader, version 2 (Yeeloong version)
 grub-yeeloong-bin - GRand Unified Bootloader, version 2 (Yeeloong binaries)
 grub-yeeloong-dbg - GRand Unified Bootloader, version 2 (Yeeloong debug files)
 grub2      - GRand Unified Bootloader, version 2 (dummy package)
 grub2-common - GRand Unified Bootloader (common files for version 2)
Closes: 807614
Changes:
 grub2 (2.02~beta2-22+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2015-8370: buffer overflow when checking password entered during
     bootup (Closes: #807614).




Reply sent to Santiago Ruano Rincón <santiagorr@riseup.net>:
You have taken responsibility. (Sun, 20 Dec 2015 18:06:14 GMT) (full text, mbox, link).


Notification sent to Klaus Ethgen <Klaus@Ethgen.de>:
Bug acknowledged by developer. (Sun, 20 Dec 2015 18:06:14 GMT) (full text, mbox, link).


Reply sent to Santiago Ruano Rincón <santiagorr@riseup.net>:
You have taken responsibility. (Sun, 20 Dec 2015 18:09:12 GMT) (full text, mbox, link).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sun, 20 Dec 2015 18:09:12 GMT) (full text, mbox, link).


Message #51 received at 807614-close@bugs.debian.org (full text, mbox, reply):

From: Santiago Ruano Rincón <santiagorr@riseup.net>
To: 807614-close@bugs.debian.org
Subject: Bug#807614: fixed in grub2 1.99-27+deb7u3
Date: Sun, 20 Dec 2015 18:07:42 +0000
Source: grub2
Source-Version: 1.99-27+deb7u3

We believe that the bug you reported is fixed in the latest version of
grub2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 807614@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Santiago Ruano Rincón <santiagorr@riseup.net> (supplier of updated grub2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 14 Dec 2015 13:40:29 +0100
Source: grub2
Binary: grub2 grub-linuxbios grub-efi grub-common grub2-common grub-emu grub-pc-bin grub-pc grub-rescue-pc grub-coreboot-bin grub-coreboot grub-efi-ia32-bin grub-efi-ia32 grub-efi-amd64-bin grub-efi-amd64 grub-ieee1275-bin grub-ieee1275 grub-firmware-qemu grub-yeeloong-bin grub-yeeloong grub-mount-udeb
Architecture: source amd64
Version: 1.99-27+deb7u3
Distribution: wheezy-security
Urgency: high
Maintainer: GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org>
Changed-By: Santiago Ruano Rincón <santiagorr@riseup.net>
Description: 
 grub-common - GRand Unified Bootloader (common files)
 grub-coreboot - GRand Unified Bootloader, version 2 (Coreboot version)
 grub-coreboot-bin - GRand Unified Bootloader, version 2 (Coreboot binaries)
 grub-efi   - GRand Unified Bootloader, version 2 (dummy package)
 grub-efi-amd64 - GRand Unified Bootloader, version 2 (EFI-AMD64 version)
 grub-efi-amd64-bin - GRand Unified Bootloader, version 2 (EFI-AMD64 binaries)
 grub-efi-ia32 - GRand Unified Bootloader, version 2 (EFI-IA32 version)
 grub-efi-ia32-bin - GRand Unified Bootloader, version 2 (EFI-IA32 binaries)
 grub-emu   - GRand Unified Bootloader, version 2 (emulated version)
 grub-firmware-qemu - GRUB firmware image for QEMU
 grub-ieee1275 - GRand Unified Bootloader, version 2 (Open Firmware version)
 grub-ieee1275-bin - GRand Unified Bootloader, version 2 (Open Firmware binaries)
 grub-linuxbios - GRand Unified Bootloader, version 2 (dummy package)
 grub-mount-udeb - export GRUB filesystems using FUSE (udeb)
 grub-pc    - GRand Unified Bootloader, version 2 (PC/BIOS version)
 grub-pc-bin - GRand Unified Bootloader, version 2 (PC/BIOS binaries)
 grub-rescue-pc - GRUB bootable rescue images, version 2 (PC/BIOS version)
 grub-yeeloong - GRand Unified Bootloader, version 2 (Yeeloong version)
 grub-yeeloong-bin - GRand Unified Bootloader, version 2 (Yeeloong binaries)
 grub2      - GRand Unified Bootloader, version 2 (dummy package)
 grub2-common - GRand Unified Bootloader (common files for version 2)
Closes: 807614
Changes: 
 grub2 (1.99-27+deb7u3) wheezy-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2015-8370: buffer overflow when checking password entered
     during bootup (Closes: #807614).
Package-Type: udeb





Reply sent to Santiago Ruano Rincón <santiagorr@riseup.net>:
You have taken responsibility. (Sun, 20 Dec 2015 18:09:13 GMT) (full text, mbox, link).


Notification sent to Klaus Ethgen <Klaus@Ethgen.de>:
Bug acknowledged by developer. (Sun, 20 Dec 2015 18:09:13 GMT) (full text, mbox, link).


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 18 Jan 2016 07:32:30 GMT) (full text, mbox, link).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:42:07 2019; Machine Name: beach
