[Bug 1996950] Re: CVE-2022-2601, CVE-2022-3775: font security fixes

[Julian Andres Klode]

I have also triggered autopkgtests for hello on kinetic, jammy, focal;
and gzip on bionic with both grub2-signed and grub2-unsigned triggers;
this will upgrade the grubs and reboot prior to running tests, ensuring
that we can boot correctly on autopkgtest infra.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1996950

Title:
  CVE-2022-2601, CVE-2022-3775: font security fixes

Status in grub2-signed package in Ubuntu:
  Fix Released
Status in grub2-unsigned package in Ubuntu:
  Fix Released
Status in grub2-signed source package in Bionic:
  New
Status in grub2-unsigned source package in Bionic:
  Fix Committed
Status in grub2-signed source package in Focal:
  Fix Released
Status in grub2-unsigned source package in Focal:
  Fix Committed
Status in grub2-signed source package in Jammy:
  New
Status in grub2-unsigned source package in Jammy:
  Fix Committed
Status in grub2-signed source package in Kinetic:
  New
Status in grub2-unsigned source package in Kinetic:
  Fix Committed
Status in grub2-signed source package in Lunar:
  Fix Released
Status in grub2-unsigned source package in Lunar:
  Fix Released

Bug description:
  [Impact]
  security update staged in updates

  [Test plan]
  Boot it on multiple systems. Notably juliank will be doing semi-automated testing in QEMU that does chainbooting over network (shim->grub->shim->grub); and boots on T14 G3 AMD and an XPS 13; chrisccoulson did his own security testing before that.

  [Where problems could occur]
  Font loading is disabled, could cause rendering issues

  Unicode font stuffed in xz squashfs, could cause more memory issues
  during boot

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2-signed/+bug/1996950/+subscriptions