On Tue, Mar 2, 2021 at 4:08 PM Daniel Kiper <daniel.ki...@oracle.com> wrote: > > Hi Adrian, > > On Tue, Mar 02, 2021 at 08:37:14PM +0100, John Paul Adrian Glaubitz wrote: > > Hi Daniel! > > > > On 3/2/21 7:00 PM, Daniel Kiper wrote: > > > The BootHole vulnerability [1][2] announced last year encouraged many > > > people to > > > take a closer look at the security of boot process in general and the GRUB > > > bootloader in particular. Due to that, during past few months we were > > > getting > > > reports of, and also discovering various security flaws in the GRUB > > > ourselves. > > > You can find the list of most severe ones which got CVEs assigned at the > > > end of > > > this message. The patch bundle fixing all these issues in the upstream > > > GRUB > > > contains 117 patches. > > > > Huge thanks and kudos to everyone involved fixing all these vulnerabilities! > > > > Given the amount of patches, wouldn't it make sense to push an RC candidate > > for 2.06 in the near future so that distributions can start shipping the > > pre- > > release and avoiding to carry this large amount of patches? > > I am planning to cut 2.06-rc1 in matter of days... >
Any status update on this? The delta between 2.04 and HEAD is huge, and I'd rather have a release to work from now... -- 真実はいつも一つ!/ Always, there's only one truth! _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel