Summary: | <sys-boot/grub-2.06-r3: creates config file world-readable | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | base-system, floppym, gentoo |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://github.com/gentoo/gentoo/pull/27288 | ||
Whiteboard: | A4 [glsa+] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
![]() ![]() ![]() ![]() The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=012331665f6d5c6f2a48b6619c54f509cd791485 commit 012331665f6d5c6f2a48b6619c54f509cd791485 Author: Mike Gilbert <floppym@gentoo.org> AuthorDate: 2022-09-16 23:08:57 +0000 Commit: Mike Gilbert <floppym@gentoo.org> CommitDate: 2022-09-16 23:10:00 +0000 sys-boot/grub: backport fix for CVE-2021-3981 Bug: https://bugs.gentoo.org/835082 Signed-off-by: Mike Gilbert <floppym@gentoo.org> .../grub-2.06-grub-mkconfig-restore-umask.patch | 41 ++++++++++++++++++++++ .../{grub-2.06-r2.ebuild => grub-2.06-r3.ebuild} | 1 + 2 files changed, 42 insertions(+) GLSA request filed GLSA released, all done! The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=9800f4266b85bdfe9aee0d03b98448c864ee9537 commit 9800f4266b85bdfe9aee0d03b98448c864ee9537 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-09-25 13:35:30 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-09-25 13:42:21 +0000 [ GLSA 202209-12 ] GRUB: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/835082 Bug: https://bugs.gentoo.org/850535 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202209-12.xml | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) |