[ubuntu/focal-security] shim-signed 1.40.9 (Accepted)

Mark Esler mark.esler at canonical.com
Thu Sep 7 20:56:22 UTC 2023

shim-signed (1.40.9) focal; urgency=medium

  [ dann frazier ]
  * Fix arm64 issues due to hardcoding "x64" as the EFI architecture.
    (LP: #2004208)
  * is-not-revoked: Support vmlinux.gz files as used on arm64.
    (LP: #2004201)

shim-signed (1.40.8) focal; urgency=medium

  * New upstream version 15.7 (LP: #1996503)
    - SBAT level: shim,3
    - SBAT policy bumped to for grub,2 in previous and grub,3 in latest:
      SBAT policy: latest="shim,2\ngrub,3\n" previous="grub,2\n"
  * SECURITY FIX: Buffer overflow when loading crafted EFI images.
      - CVE-2022-28737
  * debian/control: Depend on new grub versions (1.191 on lunar+, 1.187.2 elsewhere)
  * Break fwupd-signed signed with old keys
  * Check for revoked fb,mm binaries in build, grubs, fwupd in autopkgtest
  * Install both previous and latest shim as alternatives. On secure boot
    systems, if the current kernel or any newer one is revoked, the previous
    shim will continue to be used until current kernel and all newer ones
    are signed with a non-revoked key.

Date: 2023-01-31 12:20:09.066411+00:00
Changed-By: Julian Andres Klode <julian.klode at canonical.com>
Maintainer: Steve Langasek <steve.langasek at canonical.com>
Signed-By: Mark Esler <mark.esler at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Focal-changes mailing list