From: Christian Hesse <list@eworm.de>
To: Daniel Kiper via Grub-devel <grub-devel@gnu.org>
Cc: Daniel Kiper <daniel.kiper@oracle.com>,
alec.r.brown@oracle.com, b@horn.uk, dja@axtens.net,
jan.setjeeilers@oracle.com, jonathanbaror@gmail.com,
lidong.chen@oracle.com, mbenatto@redhat.com, mchang@suse.com,
nils@langius.de, ross.philipson@oracle.com
Subject: Re: [SECURITY PATCH 00/73] GRUB2 vulnerabilities - 2025/02/18
Date: Thu, 27 Feb 2025 11:03:44 +0100
Message-ID: <20250227110344.45e8320b@leda.eworm.net>
In-Reply-To: <Z7yDi8feZKYOQexq@tomti.i.net-space.pl>
Daniel Kiper via Grub-devel <grub-devel@gnu.org> on Mon, 2025/02/24 15:34:
> > [...]
> > The current situation is just insane.
>
> I can understand your frustration but I am afraid we are not able to do
> much about it at this point. Sorry... We have problems with finding
> people doing security patches, forward porting, reviews, tests, etc.
> So, simply we do not have resources to maintain point releases either.
> Though if somebody wants to step up and make it I am happy with that...
Well, that is... unfortunate.
But I can understand that, my time is limited as well.
Anyway... Any chance for better communication? Would be nice to have
information and access to the changes in advance (under embargo). That way we
could at least test and evaluate without pressure before pushing anything.
Thanks!
--
main(a){char*c=/* Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/* Best regards my address: */=0;b=c[a++];)
putchar(b-1/(/* Chris cc -ox -xc - && ./x */b/42*2-3)*42);}
Thread overview: 102+ messages
2025-02-18 18:00 [SECURITY PATCH 00/73] GRUB2 vulnerabilities - 2025/02/18 Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 01/73] misc: Implement grub_strlcpy() Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 02/73] fs/ufs: Fix a heap OOB write Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 03/73] fs/hfs: Fix stack OOB write with grub_strcpy() Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 04/73] fs/tar: Initialize name in grub_cpio_find_file() Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 05/73] fs/tar: Integer overflow leads to heap OOB write Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 06/73] fs/f2fs: Set a grub_errno if mount fails Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 07/73] fs/hfsplus: " Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 08/73] fs/iso9660: " Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 09/73] fs/iso9660: Fix invalid free Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 10/73] fs/jfs: Fix OOB read in jfs_getent() Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 11/73] fs/jfs: Fix OOB read caused by invalid dir slot index Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 12/73] fs/jfs: Use full 40 bits offset and address for a data extent Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 13/73] fs/jfs: Inconsistent signed/unsigned types usage in return values Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 14/73] fs/ext2: Fix out-of-bounds read for inline extents Daniel Kiper via Grub-devel
2025-02-21 1:15 ` Michael Chang via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 15/73] fs/ntfs: Fix out-of-bounds read Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 16/73] fs/ntfs: Track the end of the MFT attribute buffer Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 17/73] fs/ntfs: Use a helper function to access attributes Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 18/73] fs/ntfs: Implement attribute verification Daniel Kiper via Grub-devel
2025-02-28 9:55 ` Andreas Klauer
2025-02-28 13:04 ` Daniel Kiper via Grub-devel
2025-03-01 22:43 ` Glenn Washburn
2025-03-02 8:09 ` Thomas Schmitt via Grub-devel
2025-03-02 8:41 ` Thomas Schmitt via Grub-devel
2025-03-03 8:17 ` Glenn Washburn
2025-03-03 9:32 ` Thomas Schmitt via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 19/73] fs/xfs: Fix out-of-bounds read Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 20/73] fs/xfs: Ensuring failing to mount sets a grub_errno Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 21/73] kern/file: Ensure file->data is set Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 22/73] kern/file: Implement filesystem reference counting Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 23/73] disk/cryptodisk: Require authentication after TPM unlock for CLI access Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 24/73] disk/loopback: Reference tracking for the loopback Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 25/73] kern/disk: Limit recursion depth Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 26/73] kern/partition: Limit recursion in part_iterate() Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 27/73] script/execute: Limit the recursion depth Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 28/73] net: Unregister net_default_ip and net_default_mac variables hooks on unload Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 29/73] net: Remove variables hooks when interface is unregisted Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 30/73] net: Fix OOB write in grub_net_search_config_file() Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 31/73] net/tftp: Fix stack buffer overflow in tftp_open() Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 32/73] video/readers/jpeg: Do not permit duplicate SOF0 markers in JPEG Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 33/73] kern/dl: Fix for an integer overflow in grub_dl_ref() Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 34/73] kern/dl: Use correct segment in grub_dl_set_mem_attrs() Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 35/73] kern/dl: Check for the SHF_INFO_LINK flag in grub_dl_relocate_symbols() Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 36/73] commands/extcmd: Missing check for failed allocation Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 37/73] commands/ls: Fix NULL dereference Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 38/73] commands/pgp: Unregister the "check_signatures" hooks on module unload Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 39/73] normal: Remove variables " Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 40/73] gettext: " Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 41/73] gettext: Integer overflow leads to heap OOB write or read Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 42/73] gettext: Integer overflow leads to heap OOB write Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 43/73] commands/read: Fix an integer overflow when supplying more than 2^31 characters Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 44/73] commands/test: Stack overflow due to unlimited recursion depth Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 45/73] commands/minicmd: Block the dump command in lockdown mode Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 46/73] commands/memrw: Disable memory reading " Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 47/73] commands/hexdump: " Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 48/73] fs/bfs: Disable under lockdown Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 49/73] fs: Disable many filesystems " Daniel Kiper via Grub-devel
2025-02-19 8:15 ` Petr Řehák
2025-02-20 16:43 ` Daniel Kiper
2025-02-21 11:20 ` Pascal Hambourg
2025-02-24 14:16 ` Daniel Kiper
2025-03-02 17:11 ` Andrew Hamilton
2025-02-19 15:43 ` Andrew Hamilton
2025-02-24 14:18 ` Daniel Kiper via Grub-devel
2025-02-24 19:30 ` Andrew Hamilton
2025-10-21 9:12 ` Joseph Lee via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 50/73] disk: Use safe math macros to prevent overflows Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 51/73] disk: Prevent overflows when allocating memory for arrays Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 52/73] disk: Check if returned pointer for allocated memory is NULL Daniel Kiper via Grub-devel
2025-02-18 18:00 ` [SECURITY PATCH 53/73] disk/ieee1275/ofdisk: Call grub_ieee1275_close() when grub_malloc() fails Daniel Kiper via Grub-devel
2025-02-18 18:01 ` [SECURITY PATCH 54/73] fs: Use safe math macros to prevent overflows Daniel Kiper via Grub-devel
2025-02-18 18:01 ` [SECURITY PATCH 55/73] fs: Prevent overflows when allocating memory for arrays Daniel Kiper via Grub-devel
2025-02-18 18:01 ` [SECURITY PATCH 56/73] fs: Prevent overflows when assigning returned values from read_number() Daniel Kiper via Grub-devel
2025-02-18 18:01 ` [SECURITY PATCH 57/73] fs/zfs: Use safe math macros to prevent overflows Daniel Kiper via Grub-devel
2025-02-18 18:01 ` [SECURITY PATCH 58/73] fs/zfs: Prevent overflows when allocating memory for arrays Daniel Kiper via Grub-devel
2025-02-18 18:01 ` [SECURITY PATCH 59/73] fs/zfs: Check if returned pointer for allocated memory is NULL Daniel Kiper via Grub-devel
2025-02-18 18:01 ` [SECURITY PATCH 60/73] fs/zfs: Add missing NULL check after grub_strdup() call Daniel Kiper via Grub-devel
2025-02-18 18:01 ` [SECURITY PATCH 61/73] net: Use safe math macros to prevent overflows Daniel Kiper via Grub-devel
2025-02-18 18:01 ` [SECURITY PATCH 62/73] net: Prevent overflows when allocating memory for arrays Daniel Kiper via Grub-devel
2025-02-18 18:01 ` [SECURITY PATCH 63/73] net: Check if returned pointer for allocated memory is NULL Daniel Kiper via Grub-devel
2025-02-18 18:01 ` [SECURITY PATCH 64/73] fs/sfs: Check if " Daniel Kiper via Grub-devel
2025-02-18 18:01 ` [SECURITY PATCH 65/73] script/execute: Fix potential underflow and NULL dereference Daniel Kiper via Grub-devel
2025-02-18 18:01 ` [SECURITY PATCH 66/73] osdep/unix/getroot: Fix potential underflow Daniel Kiper via Grub-devel
2025-02-18 18:01 ` [SECURITY PATCH 67/73] misc: Ensure consistent overflow error messages Daniel Kiper via Grub-devel
2025-02-18 18:01 ` [SECURITY PATCH 68/73] bus/usb/ehci: Define GRUB_EHCI_TOGGLE as grub_uint32_t Daniel Kiper via Grub-devel
2025-02-18 18:01 ` [SECURITY PATCH 69/73] normal/menu: Use safe math to avoid an integer overflow Daniel Kiper via Grub-devel
2025-02-18 18:01 ` [SECURITY PATCH 70/73] kern/partition: Add sanity check after grub_strtoul() call Daniel Kiper via Grub-devel
2025-02-18 18:01 ` [SECURITY PATCH 71/73] kern/misc: " Daniel Kiper via Grub-devel
2025-02-18 18:01 ` [SECURITY PATCH 72/73] loader/i386/linux: Cast left shift to grub_uint32_t Daniel Kiper via Grub-devel
2025-02-18 18:01 ` [SECURITY PATCH 73/73] loader/i386/bsd: Use safe math to avoid underflow Daniel Kiper via Grub-devel
2025-02-18 18:26 ` [SECURITY PATCH 00/73] GRUB2 vulnerabilities - 2025/02/18 Tobias Powalowski via Grub-devel
2025-02-24 15:08 ` Daniel Kiper
2025-02-18 19:33 ` Didier Spaier via Grub-devel
2025-02-19 12:03 ` Daniel Kiper via Grub-devel
2025-02-19 13:48 ` Didier Spaier via Grub-devel
2025-02-21 10:06 ` Christian Hesse
2025-02-24 14:34 ` Daniel Kiper via Grub-devel
2025-02-27 10:03 ` Christian Hesse [this message]
2025-02-28 12:57 ` Daniel Kiper via Grub-devel
2025-03-03 7:55 ` Christian Hesse
2025-03-04 12:57 ` Daniel Kiper via Grub-devel