[Buildroot] [PATCH] boot/grub2: ignore the last 3 remaining CVEs

Peter Korsgaard peter at korsgaard.com
Tue Apr 6 07:37:44 UTC 2021


>>>>> "Thomas" == Thomas Petazzoni <thomas.petazzoni at bootlin.com> writes:

 > An analysis of the last 3 remaining CVEs that are reported to affect
 > the grub2 package has allowed to ensure that we can safely ignore
 > them:

 >  * CVE-2020-14372 is already fixed by a patch we have in our patch
 >    stack for grub2

 >  * CVE-2019-14865 and CVE-2020-15705 are both distro-specific and do
 >    not affect grub2 upstream, nor grub2 with the stack of patches we
 >    have in Buildroot

 > Signed-off-by: Thomas Petazzoni <thomas.petazzoni at bootlin.com>

Committed, thanks. Thanks for looking into it.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list