diff options
| author | Julian Andres Klode <julian.klode@canonical.com> | 2024-04-09 18:55:12 +0200 |
|---|---|---|
| committer | Peter Jones <pjones@redhat.com> | 2024-04-09 15:03:34 -0400 |
| commit | 3e1394e8e6fd0071a69196230f991612a960c154 (patch) | |
| tree | 056770f996f69ce95af4b197eb14df8359c6acb9 | |
| parent | 63edf92f8ae11b884bc7d24aecb8229cbc4ae014 (diff) | |
| download | efi-boot-shim-3e1394e8e6fd0071a69196230f991612a960c154.tar.gz efi-boot-shim-3e1394e8e6fd0071a69196230f991612a960c154.zip | |
sbat: Also bump latest for grub,4 (and to todays date)
Back in January we decided to bump the SBAT level for the shim
CVE without bumping the grub level for the previous NTFS issues
- CVE-2023-4692 CVE-2023-4693 - as not every vendor was signing
the ntfs module.
Catch up on this revocation to ensure it doesn't get lost. Doing
so also allows us to remove the grub.debian,4 revocation as this
happened before grub,4 and hence is obsolete.
Also bump the date of the sbat variable to today's. Don't copy
the April 5 one to a previous selection, as it wasn't shipped
to anyone.
Signed-off-by: Julian Andres Klode <julian.klode@canonical.com>
| -rw-r--r-- | include/sbat_var_defs.h | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/include/sbat_var_defs.h b/include/sbat_var_defs.h index 04d708f2..5c7115b9 100644 --- a/include/sbat_var_defs.h +++ b/include/sbat_var_defs.h @@ -58,10 +58,13 @@ SBAT_VAR_AUTOMATIC_REVOCATIONS /* - * Revocations for January 2024 shim CVEs + Debian/Ubuntu (peimage) CVE-2024-2312 + * Revocations for: + * - January 2024 shim CVEs + * - October 2023 grub CVEs + * - Debian/Ubuntu (peimage) CVE-2024-2312 */ -#define SBAT_VAR_LATEST_DATE "2024040500" -#define SBAT_VAR_LATEST_REVOCATIONS "shim,4\ngrub,3\ngrub.debian,4\ngrub.peimage,2\n" +#define SBAT_VAR_LATEST_DATE "2024040900" +#define SBAT_VAR_LATEST_REVOCATIONS "shim,4\ngrub,4\ngrub.peimage,2\n" #define SBAT_VAR_LATEST \ SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_LATEST_DATE "\n" \ SBAT_VAR_LATEST_REVOCATIONS |