]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
projects / thirdparty / openembedded / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 972fcc0) | patch
grub2: backport patch to fix CVE-2022-2601 CVE-2022-3775
authorXiangyu Chen <xiangyu.chen@eng.windriver.com>
Mon, 26 Dec 2022 07:16:19 +0000 (15:16 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Mon, 26 Dec 2022 18:40:36 +0000 (18:40 +0000)
commitfa5a42150098be892246146456faed778e28ef94
tree8845cf86fc82121ff9bb4c6c93799352d9db0480tree | snapshot
parent972fcc0ed1e0d36c3470071a9c667c5327c1ef78commit | diff
grub2: backport patch to fix CVE-2022-2601 CVE-2022-3775

Backport patch from upstream to solve CVE-2022-2601 CVE-2022-3775 dependency:
font: Fix size overflow in grub_font_get_glyph_internal()
(https://git.savannah.gnu.org/cgit/grub.git/commit/?id=9c76ec09ae08155df27cd237eaea150b4f02f532)

Backport patch from upstream to fix following CVEs:
CVE-2022-2601: font: Fix several integer overflows in grub_font_construct_glyph()
(https://git.savannah.gnu.org/cgit/grub.git/commit/?id=768e1ef2fc159f6e14e7246e4be09363708ac39e)
CVE-2022-3775: font: Fix an integer underflow in blit_comb()
(https://git.savannah.gnu.org/cgit/grub.git/commit/?id=992c06191babc1e109caf40d6a07ec6fdef427af)

Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Liwei Song <liwei.song@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-bsp/grub/files/0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch [new file with mode: 0644] blob
meta/recipes-bsp/grub/files/CVE-2022-2601.patch [new file with mode: 0644] blob
meta/recipes-bsp/grub/files/CVE-2022-3775.patch [new file with mode: 0644] blob
meta/recipes-bsp/grub/grub2.inc diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core