Age | Commit message (Collapse) | Author |
|
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in
copyString.
Backport patch from:
https://github.com/libexpat/libexpat/pull/560/commits/efcb347440ade24b9f1054671e6bd05e60b4cafd
CVE: CVE-2022-25314
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack
exhaustion in build_model via a large nesting depth in the DTD element.
Backport patch from:
https://github.com/libexpat/libexpat/pull/558/commits/9b4ce651b26557f16103c3a366c91934ecd439ab
Also add patch which fixes a regression introduced in the above fix:
https://github.com/libexpat/libexpat/pull/566
CVE: CVE-2022-25313
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows
attackers to insert namespace-separator characters into
namespace URIs.
Backport patches from:
https://github.com/libexpat/libexpat/pull/561/commits
CVE: CVE-2022-25236
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain
validation of encoding, such as checks for whether a UTF-8 character
is valid in a certain context.
Backport patches from:
https://github.com/libexpat/libexpat/pull/562/commits
CVE: CVE-2022-25235
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
math/big: prevent large memory consumption in Rat.SetString
An attacker can cause unbounded memory growth in a program using (*Rat).SetString
due to an unhandled overflow.
Upstream-Status: Backport [https://go.dev/issue/50699]
CVE: CVE-2022-23772
Signed-off-by:Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
crypto/elliptic: fix IsOnCurve for big.Int values that are not valid coordinates
Some big.Int values that are not valid field elements (negative or overflowing)
might cause Curve.IsOnCurve to incorrectly return true. Operating on those values
may cause a panic or an invalid curve operation. Note that Unmarshal will never
return such values.
Upstream-Status: Backport [https://go.dev/issue/50974]
CVE: CVE-2022-23806
Signed-off-by:Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Add patch to fix CVE-2021-36976
CVE-2021-36976 fix are provided by below mentioned pull request.
1) https://github.com/libarchive/libarchive/pull/1491
2) https://github.com/libarchive/libarchive/pull/1492
3) https://github.com/libarchive/libarchive/pull/1493
Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
Signed-off-by: virendra thakur <thakur.virendra1810@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This patch adds a fix for a crash in grub's script handling. It is
a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This patch adds a fix for a NULL pointer dereference in grub's
commands/ls. It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This patch adds a fix for a NULL pointer dereference in grub's
script/execute. It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This patch adds a fix for an incorrect use of a negative value in grub's
util/glue-efi. It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This patch adds a fix for incorrect casting from signed to unsigned
in grub's util/grub-editenv. It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This patch adds a fix for a NULL pointer dereference in grub's
util/grub-install. It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This patch adds a check for a NULL pointer before use in grub's
loader/xnu. It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This patch fixes a memory leak in grub's loader/xnu when an error is
detected in grub_xnu_writetree_toheap(). It is a part of a security
series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This patch adds a fix for a memory leak in grub's loader/xnu.
It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This patch adds a fix for checking for NULL in grub's loader/bsd.
It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This patch removes dead code from grub's gfxmenu/gui_list. It is
a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This patch adds a fix for handling malformed JPEG files in grub's
video/readers/jpeg. It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This patch adds a fix for a possible integer overflow in grub's
video/fb/video_fb. It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This patch adds a fix for multiple integer overflows in grub's
video/fb/video_fb. It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This patch adds a fix for a potential integer overflow in grub's
video/fb/fbfill. It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This patch removes an uneeded return value in grub's (static)
grub_video_gop_fill_mode_info(). It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Add a fix of a memory leak in grub's commands/hashsum. It is a part
of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This patch adds a fix for a memory leak in grub's normal/completion.
It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This patch fixes a memory leak in grub's syslinux parsing. It is a part of
a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This patch adds a fix for a possible NULL dereference in grub's
libgcrypt/mpi. It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This patch fixes a possible unintended sign extension in grub's
libgcrypt/mpi. It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This patch fixes a memory leak in grub's affs. It is a part of
a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This patch fixes an error check in grub's zfsinfo. It is a part of
a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This patch adds a fix for a possible integer overflows in grub's zfs.
It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This patch adds a fix for a memory leak in grub's path construction
in zfs. It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This patch adds a fix for a possible negative shift in grub's zfs.
It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This patch adds a fix for a volume name length check in grub's
hfsplus. It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This patch fixes a potential overflow in grub's disk/cryptodisk. It is
a part of a security series [1]
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Add a fix for a memory leak in grub'd disk/ldm. It is a part of
a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This patch adds a fix for a memory leak in grub's disk/ldm.
It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Add a fix for a memory leak in grub's disk/ldm. It is a part of
a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This fix adds a missing check for NULL pointer from an external source
in grub's kern/partition. It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This patch adds initialization of a structure in grub's zstd, which
might be left uninitialized by the compiler. It is a part of a security
series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Add a fix for unnecessary assignements grub's io/lzopio. This patch
is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This patch adds a fix for an unitialized re_token in grub's gnulib.
It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Add a fix for gnulib's regexec NULL pointer dereference. This patch
a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This change adds a fix for a NULL pointer dereference of state
in gnulib. It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This change adds a fix for an unitialized token structure in gnulib.
It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This changes adds a fix for an unused variable issue in gnulib.
It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This change fixes a possible NULL pointer dereference in grub's
EFI support. It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This change fixes a memory leak on error in grub_efi_get_filename().
It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This change fixes the malformed device paths in EFI handling.
Device paths of length 4 or shorter could cause different
kinds of unexpected behaviours.
This patch is NOT a part of [1], but is a dependency of one
of the patches included in the series.
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This change fixes wrong handling of argc == 0 causing a memory leak.
It is a part of a security series [1].
[1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|