From 57c0eedfa1ebf6e2132a9cb26a7b0fcdee82557f Mon Sep 17 00:00:00 2001
From: Jan Setje-Eilers <jan.setjeeilers@oracle.com>
Date: Wed, 20 Sep 2023 18:03:41 -0700
Subject: Updated Revocations for January 2024 CVEs

Since shim is inherently updated by shipping a new shim, the
latest built in revocations can include the most recent shim
revocations. Since CVE-2023-40547 is high impact, this revocation
should be available to everyone as soon as possible.

GRUB2 CVE-2023-4692 and CVE-2023-4693 are in the ntfs module that
only some vendors ship. Since some vendors did not ship an updated
GRUB2 for these issues, the revocation for these CVEs is not
included in the payload at this time.

Signed-off-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com>
---
 include/sbat_var_defs.h | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

(limited to 'include')

diff --git a/include/sbat_var_defs.h b/include/sbat_var_defs.h
index 772df972..8e643a4e 100644
--- a/include/sbat_var_defs.h
+++ b/include/sbat_var_defs.h
@@ -33,11 +33,10 @@
 	SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_PREVIOUS_DATE "\n"
 
 /*
- * Debian's grub.3 update was broken - some binaries included the SBAT
- * data update but not the security patches :-(
+ * Revocations for January 2024 shim CVEs
  */
-#define SBAT_VAR_LATEST_DATE "2023012900"
-#define SBAT_VAR_LATEST_REVOCATIONS "shim,2\ngrub,3\ngrub.debian,4\n"
+#define SBAT_VAR_LATEST_DATE "2024010900"
+#define SBAT_VAR_LATEST_REVOCATIONS "shim,4\ngrub,3\ngrub.debian,4\n"
 #define SBAT_VAR_LATEST \
 	SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_LATEST_DATE "\n" \
 	SBAT_VAR_LATEST_REVOCATIONS
-- 
cgit v1.2.3