Details at URL. Note that:
"Full mitigation against all CVEs will require updated shim with latest SBAT
(Secure Boot Advanced Targeting) data provided by distros and vendors.
This time UEFI revocation list (dbx) will not be used and revocation of broken
artifacts will be done with SBAT only. For information on how to apply the
latest SBAT revocations, please see mokutil(1). Vendor shims may explicitly
permit known older boot artifacts to boot."
So I suppose we need an update for sys-boot/shim, too?
The bug has been referenced in the following commit(s):
Author: Mike Gilbert <email@example.com>
AuthorDate: 2022-06-08 01:02:45 +0000
Commit: Mike Gilbert <firstname.lastname@example.org>
CommitDate: 2022-06-08 01:02:45 +0000
sys-boot/grub: backport many patches
Signed-off-by: Mike Gilbert <email@example.com>
sys-boot/grub/Manifest | 1 +
sys-boot/grub/grub-2.06-r2.ebuild | 319 ++++++++++++++++++++++++++++++++++++++
2 files changed, 320 insertions(+)
Thank you! Please stabilize when ready.
(In reply to John Helmert III from comment #0)
> So I suppose we need an update for sys-boot/shim, too?
I doubt there are many (any?) Gentoo users that attempt to use "secure boot" via sys-boot/shim.