author: Jan Setje-Eilers <jan.setjeeilers@oracle.com> 2023-09-20 18:03:41 -0700
committer: Jan Setje-Eilers <jan.setjeeilers@oracle.com> 2024-01-17 11:49:38 -0800
commit: 57c0eedfa1ebf6e2132a9cb26a7b0fcdee82557f
tree: 8553e955e2bc55b18fb541f45efea3a1d0e58b66 /include
parent: 6f0c8d2c920c82359f231205b26eb4ddd3718e1d
Updated Revocations for January 2024 CVEs

Since shim is inherently updated by shipping a new shim, the latest built in revocations can include the most recent shim revocations. Since CVE-2023-40547 is high impact, this revocation should be available to everyone as soon as possible.

GRUB2 CVE-2023-4692 and CVE-2023-4693 are in the ntfs module that only some vendors ship. Since some vendors did not ship an updated GRUB2 for these issues, the revocation for these CVEs is not included in the payload at this time.

Signed-off-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com>

Diffstat (limited to 'include')
-rw-r--r-- include/sbat_var_defs.h 7
1 files changed, 3 insertions, 4 deletions
diff --git a/include/sbat_var_defs.h b/include/sbat_var_defs.h
index 772df972..8e643a4e 100644
--- a/include/sbat_var_defs.h
+++ b/include/sbat_var_defs.h
@@ -33,11 +33,10 @@
SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_PREVIOUS_DATE "\n"
/*
- * Debian's grub.3 update was broken - some binaries included the SBAT
- * data update but not the security patches :-(
+ * Revocations for January 2024 shim CVEs
*/
-#define SBAT_VAR_LATEST_DATE "2023012900"
-#define SBAT_VAR_LATEST_REVOCATIONS "shim,2\ngrub,3\ngrub.debian,4\n"
+#define SBAT_VAR_LATEST_DATE "2024010900"
+#define SBAT_VAR_LATEST_REVOCATIONS "shim,4\ngrub,3\ngrub.debian,4\n"
#define SBAT_VAR_LATEST \
SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_LATEST_DATE "\n" \
SBAT_VAR_LATEST_REVOCATIONS
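
Review bot: The comment rewrite above SBAT_VAR_LATEST_DATE drops the explanation for the grub.debian,4 entry, yet that entry is still present in the new SBAT_VAR_LATEST_REVOCATIONS string. Keep the Debian grub.3 note alongside the new "Revocations for January 2024 shim CVEs" line so a later reader can tell why grub.debian carries its own level. The shim level also moves from 2 to 4 in one step while grub stays at 3, even though the commit message discusses CVE-2023-4692 and CVE-2023-4693. A sentence in the comment saying that shim,4 is the revocation for CVE-2023-40547 and that the grub level is deliberately left unchanged would let the string be audited without going back to the commit log.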