From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2D73BF33802 for ; Tue, 17 Mar 2026 06:24:18 +0000 (UTC) Subject: Re: [kirkstone][PATCH] grub: fix CVE-2025-54770 To: openembedded-core@lists.openembedded.org From: "Hitendra Prajapati" X-Originating-Location: Vadodara, Gujarat, IN (152.59.0.115) X-Originating-Platform: Linux Firefox 136 User-Agent: GROUPS.IO Web Poster MIME-Version: 1.0 Date: Mon, 16 Mar 2026 23:24:11 -0700 References: <20260305121517.15675-1-hprajapati@mvista.com> In-Reply-To: Message-ID: <411950.1773728651584044067@lists.openembedded.org> Content-Type: multipart/alternative; boundary="BEGwGvDYAkIA30cVepNU" List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 17 Mar 2026 06:24:18 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/233301 --BEGwGvDYAkIA30cVepNU Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi , Yes before this patches , code is vulnerable. see [1]. [1] https://security-tracker.debian.org/tracker/CVE-2025-54770 I just back port the solution from commit from Debian link given in [1]. please check it. Regards, Hitendra --BEGwGvDYAkIA30cVepNU Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable
Hi ,
Yes before this patches , code is vulnerable. see [1].
 
 
I just back port the solution from commit from Debian link given in [1= ].
 
please check it.
 
Regards,
Hitendra
--BEGwGvDYAkIA30cVepNU--