Merge ~eslerm/ubuntu-cve-tracker:grub2-boilerplate into ubuntu-cve-tracker:master
Status: | Merged |
---|---|
Merged at revision: | b483091a646c3b09805831b449cac5fd66d6e547 |
Proposed branch: | ~eslerm/ubuntu-cve-tracker:grub2-boilerplate |
Merge into: | ubuntu-cve-tracker:master |
Diff against target: | 162 lines (+122/-0), 6 files modified: boilerplates/grub2 (+61/-0), boilerplates/grub2-signed (+1/-0), boilerplates/grub2-unsigned (+1/-0), boilerplates/secureboot-db (+57/-0), boilerplates/shim (+1/-0), boilerplates/shim-signed (+1/-0) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Chris Coulson | Approve | ||
Steve Langasek (community) | Approve | ||
Alex Murray | Pending | ||
Dimitri John Ledkov | Pending | ||
Steve Beattie | Pending | ||
Review via email: mp+447456@code.launchpad.net |
Commit message
grub2* boilerplate init
trusty/esm_grub2 and trusty/
xnox suggested tracking secureboot-db on all grub CVEs. grub vulnerabilities and loading vulnerable-
However, the importance of secureboot-db cannot be lost. An evil housekeeper attack becomes possible as soon as *a* bypass (CVE) is found in grub2-current and this is not resolved until old keys are revoked. We have no tooling to track when this occurs. (There has never been a -security release for secureboot-db.)
shim should also be tracked