From ${URL} : The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a variable-size stack array. Upstream patch: https://git.savannah.gnu.org/cgit/grub.git/commit/grub-core/fs/ext2.c?id=ac8cac1dac50daaf1c390d701cca3b55e16ee768 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
This commit was included in GRUB 2.02~beta1. There are no affected versions of sys-boot/grub:2 in the Gentoo repository. The relevant code does not exist in sys-boot/grub:0.
thanks, so to make sure understanding is correct; we've had a fixed version in tree since -*grub-2.02_beta1 (19 Dec 2013) - - 19 Dec 2013; Mike Gilbert <floppym@gentoo.org> +grub-2.02_beta1.ebuild, - grub-9999-r1.ebuild: - Version bump. this was never stable, but _beta2-r3 got stable in bug 522314, so correct resolving has vulnerable <sys-boot/grub-2.02_beta2-r3 (arguably it was fixed for amd64 in -r0 but due to premature stop of stabilization process after single arch in favor of new revision and the timeline involved I'm ignoring that to ensure consistency across arches)
(In reply to Kristian Fiskerstrand from comment #2) I haven't verified all that, but it sounds about right.
(In reply to Mike Gilbert from comment #3) > (In reply to Kristian Fiskerstrand from comment #2) > > I haven't verified all that, but it sounds about right. sounds good, then the affected range is already covered by https://security.gentoo.org/glsa/201512-03 so no direct need to issue a GLSA for the particular issue, so if I get a 2nd vote from another security member I propose we tag this as [noglsa]
CVE-2017-9763 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9763): The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a variable-size stack array.
Second vote for noglsa. All done, repository is clean. Closing as "OBSOLETE" because vulnerability is valid but was already addressed.