On 7/29/20 10:12 PM, Christian Hesse wrote: > This does not apply on top of grub 2.04. Will downstream maintainers have to > do their cherry-picking on its own or will a maintenance branch on top of > grub-2.04 (or what ever) be available? > I would like to push updates to the Arch Linux repositories.
You may want to look at the Debian package which already has the patches applied in Debian unstable [1]. I'm surprised that Arch did not receive a disclosure of the vulnerabilities under NDA since Debian and the various enterprise distributions have it already. Adrian > [1] https://salsa.debian.org/grub-team/grub/-/tree/master/debian/patches -- .''`. John Paul Adrian Glaubitz : :' : Debian Developer - glaub...@debian.org `. `' Freie Universitaet Berlin - glaub...@physik.fu-berlin.de `- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913 _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel