* [Buildroot] [git commit] boot/shim: security bump to version 15.6
@ 2024-01-08 20:47 Yann E. MORIN
2024-01-13 13:24 ` Peter Korsgaard
0 siblings, 1 reply; 2+ messages in thread
From: Yann E. MORIN @ 2024-01-08 20:47 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=f29cbc6ce3def37d7dc4d99fa2a5cbdadc6369e9
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
Fixes the following security issue:
CVE-2022-28737: There's a possible overflow in handle_image() when shim
tries to load and execute crafted EFI executables
https://github.com/advisories/GHSA-hmxr-46w2-jjwh
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
---
boot/shim/shim.hash | 2 +-
boot/shim/shim.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/boot/shim/shim.hash b/boot/shim/shim.hash
index a0a9f06f35..c9c489fd2f 100644
--- a/boot/shim/shim.hash
+++ b/boot/shim/shim.hash
@@ -1,3 +1,3 @@
# locally computed hash
-sha256 8344473dd10569588b8238a4656b8fab226714eea9f5363f8c410aa8a5090297 shim-15.4.tar.bz2
+sha256 eab91644a3efe91a666399f5d8eb3eed0e04d04f79d4b6c0b278ef7747a239a5 shim-15.6.tar.bz2
sha256 15edf527919ddcb2f514ab9d16ad07ef219e4bb490e0b79560be510f0c159cc2 COPYRIGHT
diff --git a/boot/shim/shim.mk b/boot/shim/shim.mk
index 0a6d1527aa..bbef81cfc4 100644
--- a/boot/shim/shim.mk
+++ b/boot/shim/shim.mk
@@ -4,7 +4,7 @@
#
################################################################################
-SHIM_VERSION = 15.4
+SHIM_VERSION = 15.6
SHIM_SITE = https://github.com/rhboot/shim/releases/download/$(SHIM_VERSION)
SHIM_SOURCE = shim-$(SHIM_VERSION).tar.bz2
SHIM_LICENSE = BSD-2-Clause
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [Buildroot] [git commit] boot/shim: security bump to version 15.6
2024-01-08 20:47 [Buildroot] [git commit] boot/shim: security bump to version 15.6 Yann E. MORIN
@ 2024-01-13 13:24 ` Peter Korsgaard
0 siblings, 0 replies; 2+ messages in thread
From: Peter Korsgaard @ 2024-01-13 13:24 UTC (permalink / raw)
To: Yann E. MORIN; +Cc: buildroot
>>>>> "Yann" == Yann E MORIN <yann.morin.1998@free.fr> writes:
> commit: https://git.buildroot.net/buildroot/commit/?id=f29cbc6ce3def37d7dc4d99fa2a5cbdadc6369e9
> branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
> Fixes the following security issue:
> CVE-2022-28737: There's a possible overflow in handle_image() when shim
> tries to load and execute crafted EFI executables
> https://github.com/advisories/GHSA-hmxr-46w2-jjwh
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Committed to 2023.02.x and 2023.11.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-01-13 13:24 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-01-08 20:47 [Buildroot] [git commit] boot/shim: security bump to version 15.6 Yann E. MORIN
2024-01-13 13:24 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox