Michael Chang
|
e016790fe1
|
Accepting request 981228 from home:michael-chang:branches:Base:System
- Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581)
* 0001-video-Remove-trailing-whitespaces.patch
* 0002-loader-efi-chainloader-Simplify-the-loader-state.patch
* 0003-commands-boot-Add-API-to-pass-context-to-loader.patch
- Fix CVE-2022-28736 (bsc#1198496)
* 0004-loader-efi-chainloader-Use-grub_loader_set_ex.patch
- Fix CVE-2022-28735 (bsc#1198495)
* 0005-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch
* 0006-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch
* 0007-video-readers-png-Abort-sooner-if-a-read-operation-f.patch
* 0008-video-readers-png-Refuse-to-handle-multiple-image-he.patch
- Fix CVE-2021-3695 (bsc#1191184)
* 0009-video-readers-png-Drop-greyscale-support-to-fix-heap.patch
- Fix CVE-2021-3696 (bsc#1191185)
* 0010-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch
* 0011-video-readers-png-Sanity-check-some-huffman-codes.patch
* 0012-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch
* 0013-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch
* 0014-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch
- Fix CVE-2021-3697 (bsc#1191186)
* 0015-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch
* 0016-normal-charset-Fix-array-out-of-bounds-formatting-un.patch
- Fix CVE-2022-28733 (bsc#1198460)
* 0017-net-ip-Do-IP-fragment-maths-safely.patch
* 0018-net-netbuff-Block-overly-large-netbuff-allocs.patch
* 0019-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch
* 0020-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch
* 0021-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch
* 0022-net-tftp-Avoid-a-trivial-UAF.patch
* 0023-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch
OBS-URL: https://build.opensuse.org/request/show/981228
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=416
|
2022-06-08 03:04:17 +00:00 |
|