The relationship between commits and CVEs is as below:
(1) CVE-2021-3695
    commit <video/readers/png: Drop greyscale support to fix heap out-of-bounds write>
(2) CVE-2021-3696
    commit <video/readers/png: Avoid heap OOB R/W inserting huff table items>
(3) CVE-2021-3697
    commit <video/readers/jpeg: Block int underflow -> wild pointer write>
(4) CVE-2022-28733
    commit <net/ip: Do IP fragment maths safely>
(5) CVE-2022-28734
    commit <net/http: Fix OOB write for split http headers>
    commit <net/http: Error out on headers with LF without CR>
Test plan:
- PASS: build grub2/grub-efi.
- PASS: build-image and install and boot up on lab/qemu.
- PASS: check that the "stx.N" version number is right for both bios(grub2 ver) and uefi(grub-efi ver) boot.
Partial-Bug: #2034119
Signed-off-by: Li Zhou <email address hidden>
Change-Id: Ia27b1ee225f13e9c4ad08a0828f93ea37f8d3dfb
Reviewed: https://review.opendev.org/c/starlingx/integ/+/894002
Committed: https://opendev.org/starlingx/integ/commit/44f318a38d18391a541c1bfc4bdc273d71fbe90c
Submitter: "Zuul (22348)"
Branch: master
commit 44f318a38d18391a541c1bfc4bdc273d71fbe90c
Author: Li Zhou <email address hidden>
Date: Tue Sep 5 13:54:52 2023 +0800
grub2/grub-efi: fix CVEs
Porting patches from grub2_2.06-3~deb11u1 to fix below CVEs:
CVE-2021-3695
CVE-2021-3696
CVE-2021-3697
CVE-2022-28733
CVE-2022-28734
The source code of grub2_2.06-3~deb11u1 is from:
https://snapshot.debian.org/archive/debian/20220807T030023Z/pool/main/g/grub2/grub2_2.06-3~deb11u1.debian.tar.xz