[Bug 1996950] Re: CVE-2022-2601, CVE-2022-3775: font security fixes

Julian Andres Klode 1996950 at bugs.launchpad.net
Fri Jan 27 11:33:09 UTC 2023


I grabbed the signed binary for 2.06-2ubuntu14 from kinetic and
netbooting worked fine. The other binaries are identical to that one
except signature, so I'll refrain from fetching each deb manually as we
only test chainloading compatibility in that test case.

I have also run the kinetic grub with the new shim on my T14 G3 which
booted nicely, hooray.

dannf also booted the focal 2.06 upload in at least one fancy machine.

Up next, I'll boot entire systems in VMs to finish validation.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1996950

Title:
  CVE-2022-2601, CVE-2022-3775: font security fixes

Status in grub2-signed package in Ubuntu:
  Fix Released
Status in grub2-unsigned package in Ubuntu:
  Fix Released
Status in grub2-signed source package in Bionic:
  New
Status in grub2-unsigned source package in Bionic:
  Fix Committed
Status in grub2-signed source package in Focal:
  Fix Released
Status in grub2-unsigned source package in Focal:
  Fix Committed
Status in grub2-signed source package in Jammy:
  New
Status in grub2-unsigned source package in Jammy:
  Fix Committed
Status in grub2-signed source package in Kinetic:
  New
Status in grub2-unsigned source package in Kinetic:
  Fix Committed
Status in grub2-signed source package in Lunar:
  Fix Released
Status in grub2-unsigned source package in Lunar:
  Fix Released

Bug description:
  [Impact]
  security update staged in updates

  [Test plan]
  Boot it on multiple systems. Notably juliank will be doing semi-automated testing in QEMU that does chainbooting over network (shim->grub->shim->grub); and boots on T14 G3 AMD and an XPS 13; chrisccoulson did his own security testing before that.

  [Where problems could occur]
  Font loading is disabled, could cause rendering issues

  Unicode font stuffed in xz squashfs, could cause more memory issues
  during boot
