[Buildroot] [PATCH] boot/grub2: ignore the last 3 remaining CVEs
Peter Korsgaard
peter at korsgaard.com
Tue Apr 6 11:08:26 UTC 2021
>>>>> "Thomas" == Thomas Petazzoni <thomas.petazzoni at bootlin.com> writes:
> An analysis of the last 3 remaining CVEs that are reported to affect
> the grub2 package has allowed to ensure that we can safely ignore
> them:
> * CVE-2020-14372 is already fixed by a patch we have in our patch
> stack for grub2
> * CVE-2019-14865 and CVE-2020-15705 are both distro-specific and do
> not affect grub2 upstream, nor grub2 with the stack of patches we
> have in Buildroot
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
Committed to 2021.02.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list