[Bug 1996950] Re: CVE-2022-2601, CVE-2022-3775: font security fixes

Julian Andres Klode 1996950 at bugs.launchpad.net
Fri Jan 27 13:23:43 UTC 2023 

jammy verified as well with multipass and lxd.

Setting up grub-efi-amd64-bin (2.06-2ubuntu14) ...                                                                                                                                                                                                                                        
Setting up grub-efi-amd64-signed (1.187.2+2.06-2ubuntu14) ...                                                                                                                                                                                                                             
Trying to migrate /boot/efi into esp config                                                                                                                                                                                                                                               
Installing grub to /boot/efi.                                                                                                                                                                                                                                                             
Installing for x86_64-efi platform.                                                                                                                                                                                                                                                       
Installation finished. No error reported.      

** Tags removed: verification-needed-jammy
** Tags added: verification-done-jammy

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1996950

Title:
  CVE-2022-2601, CVE-2022-3775: font security fixes

Status in grub2-signed package in Ubuntu:
  Fix Released
Status in grub2-unsigned package in Ubuntu:
  Fix Released
Status in grub2-signed source package in Bionic:
  New
Status in grub2-unsigned source package in Bionic:
  Fix Committed
Status in grub2-signed source package in Focal:
  Fix Released
Status in grub2-unsigned source package in Focal:
  Fix Committed
Status in grub2-signed source package in Jammy:
  New
Status in grub2-unsigned source package in Jammy:
  Fix Committed
Status in grub2-signed source package in Kinetic:
  New
Status in grub2-unsigned source package in Kinetic:
  Fix Committed
Status in grub2-signed source package in Lunar:
  Fix Released
Status in grub2-unsigned source package in Lunar:
  Fix Released

Bug description:
  [Impact]
  security update staged in updates

  [Test plan]
  Boot it on multiple systems. Notably juliank will be doing semi-automated testing in QEMU that does chainbooting over network (shim->grub->shim->grub); and boots on T14 G3 AMD and an XPS 13; chrisccoulson did his own security testing before that.

  [Where problems could occur]
  Font loading is disabled, could cause rendering issues

  Unicode font stuffed in xz squashfs, could cause more memory issues
  during boot

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2-signed/+bug/1996950/+subscriptions

More information about the foundations-bugs mailing list