GNU bug report logs

#47185 grub2 package is vulnerable to CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233 and CVE-2021-3418

Package: guix

Message #5 received at submit@debbugs.gnu.org:

Message-ID: <ba69ba4020b40dfa182174ea2395cf17195512d5.camel@zaclys.net>
Subject: grub2 package is vulnerable to CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233 and CVE-2021-3418
From: Léo Le Bouter <lle-bout@zaclys.net>
To: bug-guix@gnu.org
Date: Tue, 16 Mar 2021 09:08:31 +0100
As outlined by 
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass2021
we have a new wave of GRUB security vulnerabilities around SecureBoot.

There is no new upstream release so patching this appears to be some
kind of sport.

Debian has patched it in this commit: 
https://salsa.debian.org/grub-team/grub/-/commit/37c2a594625efba8b7f10d18a444393982d2e31f

I see also there's a new concept of SBAT section to ease administrative
efforts around certificate revocation when signed binaries such as some
GRUB2 things become vulnerable (and we don't want them to verify
successfully anymore).

This looks like a sizeable upgrade to a sensitive part of GNU Guix, so
we have to test carefully.
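The SBAT mechanism the report mentions, as an added example that is not part of the original message or of the shim/GRUB code: a parser for the CSV `.sbat` section and a generation-based revocation check against a policy, which is what lets a vulnerable signed GRUB be rejected without revoking the signing certificate. The six field names follow the SBAT specification; the sample sections, the generation numbers and the `example.invalid` vendor line are constructed for this example.

```python
# Added illustration of SBAT revocation; constructed sample data, not shim's code.
from dataclasses import dataclass

# Constructed .sbat sections (CSV, six fields per line, as in the SBAT spec).
# Generation numbers here are invented for the example, not real shipped values.
OLD_GRUB_SBAT = """\
sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
grub,1,Free Software Foundation,grub,2.04,https://www.gnu.org/software/grub/
grub.example,1,Example Distro,grub2,2.04-1,https://example.invalid/grub
"""
# The "patched" binary differs only in the upstream grub generation number.
NEW_GRUB_SBAT = OLD_GRUB_SBAT.replace("grub,1,Free", "grub,2,Free")

# Revocation policy: component_name -> minimum acceptable generation.
# Raising "grub" to 2 revokes every binary still declaring generation 1.
POLICY = {"sbat": 1, "grub": 2}


@dataclass(frozen=True)
class SbatEntry:
    component_name: str
    component_generation: int
    vendor_name: str
    vendor_package_name: str
    vendor_version: str
    vendor_url: str


def parse_sbat(section: str) -> list[SbatEntry]:
    """Parse the CSV text of a .sbat section; reject malformed lines."""
    entries = []
    for line in (raw.strip() for raw in section.splitlines()):
        if not line:
            continue
        fields = line.split(",")
        if len(fields) != 6 or not fields[1].isdigit():
            raise ValueError(f"malformed SBAT line: {line!r}")
        entries.append(SbatEntry(fields[0], int(fields[1]), *fields[2:]))
    return entries


def is_revoked(section: str, policy: dict[str, int]) -> bool:
    """True if the binary must be rejected under `policy`: any declared
    component below the policy minimum revokes it, a binary with no SBAT
    data is rejected outright, and undeclared components are ignored."""
    declared = {e.component_name: e.component_generation for e in parse_sbat(section)}
    if not declared:
        return True
    return any(name in declared and declared[name] < minimum
               for name, minimum in policy.items())
```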

debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Sun Dec 22 11:41:45 2024; Machine Name: wallace-server