[Bug 2029518] [NEW] Publish grub updates to security
Dimitri John Ledkov
2029518 at bugs.launchpad.net
Thu Aug 3 17:03:54 UTC 2023
*** This bug is a security vulnerability ***
Public security bug reported:
grub updates are built against security only (as can be checked in the
build log), published to proposed, updates to complete SRU process and
phasing, with intention to publish to security.
In theory this should be done, once phasing on these packages is
complete.
But I don't believe we have any automated process to detect that today.
As brought up by Mark Esler, here is explicit promotion request:
$ rmadison grub2-signed | grep updates
grub2-signed | 1.187.3~20.04.1 | focal-updates | source
grub2-signed | 1.187.3~22.04.1 | jammy-updates | source
$ rmadison grub2-unsigned | grep updates
grub2-unsigned | 2.06-2ubuntu14.1 | focal-updates | source
grub2-unsigned | 2.06-2ubuntu14.1 | jammy-updates | source
$ rmadison shim | grep updates
shim | 15.7-0ubuntu1 | focal-updates | source, amd64, arm64
shim | 15.7-0ubuntu1 | jammy-updates | source, amd64, arm64
$ rmadison shim-signed | grep updates | grep source
shim-signed | 1.40.9 | focal-updates | source
shim-signed | 1.51.3 | jammy-updates | source
Please promote respective packages above to the respective security pocket.
** Affects: grub2-signed (Ubuntu)
Importance: Undecided
Status: New
** Affects: grub2-unsigned (Ubuntu)
Importance: Undecided
Status: New
** Affects: shim (Ubuntu)
Importance: Undecided
Status: New
** Affects: shim-signed (Ubuntu)
Importance: Undecided
Status: New
** Information type changed from Public to Public Security
** Also affects: grub2-signed (Ubuntu)
Importance: Undecided
Status: New
** Also affects: shim (Ubuntu)
Importance: Undecided
Status: New
** Also affects: shim-signed (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2-unsigned in Ubuntu.
https://bugs.launchpad.net/bugs/2029518
Title:
Publish grub updates to security
Status in grub2-signed package in Ubuntu:
New
Status in grub2-unsigned package in Ubuntu:
New
Status in shim package in Ubuntu:
New
Status in shim-signed package in Ubuntu:
New
Bug description:
grub updates are built against security only (as can be checked in the
build log), published to proposed, updates to complete SRU process and
phasing, with intention to publish to security.
In theory this should be done, once phasing on these packages is
complete.
But I don't believe we have any automated process to detect that
today.
As brought up by Mark Esler, here is explicit promotion request:
$ rmadison grub2-signed | grep updates
grub2-signed | 1.187.3~20.04.1 | focal-updates | source
grub2-signed | 1.187.3~22.04.1 | jammy-updates | source
$ rmadison grub2-unsigned | grep updates
grub2-unsigned | 2.06-2ubuntu14.1 | focal-updates | source
grub2-unsigned | 2.06-2ubuntu14.1 | jammy-updates | source
$ rmadison shim | grep updates
shim | 15.7-0ubuntu1 | focal-updates | source, amd64, arm64
shim | 15.7-0ubuntu1 | jammy-updates | source, amd64, arm64
$ rmadison shim-signed | grep updates | grep source
shim-signed | 1.40.9 | focal-updates | source
shim-signed | 1.51.3 | jammy-updates | source
Please promote respective packages above to the respective security pocket.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2-signed/+bug/2029518/+subscriptions
More information about the foundations-bugs
mailing list