Comment 3 for bug 2034119

OpenStack Infra (hudson-openstack) wrote : Fix merged to integ (master)

Reviewed: https://review.opendev.org/c/starlingx/integ/+/894002
Committed: https://opendev.org/starlingx/integ/commit/44f318a38d18391a541c1bfc4bdc273d71fbe90c
Submitter: "Zuul (22348)"
Branch: master

commit 44f318a38d18391a541c1bfc4bdc273d71fbe90c
Author: Li Zhou <email address hidden>
Date: Tue Sep 5 13:54:52 2023 +0800

    grub2/grub-efi: fix CVEs

    Porting patches from grub2_2.06-3~deb11u1 to fix the CVEs below:
    CVE-2021-3695
    CVE-2021-3696
    CVE-2021-3697
    CVE-2022-28733
    CVE-2022-28734

    The source code of grub2_2.06-3~deb11u1 is from:
    https://snapshot.debian.org/archive/debian/20220807T030023Z/pool
    /main/g/grub2/grub2_2.06-3~deb11u1.debian.tar.xz

    The relationship between commits and CVEs is as below:
    (1) CVE-2021-3695
    commit <video/readers/png: Drop greyscale support to fix heap
    out-of-bounds write>
    (2) CVE-2021-3696
    commit <video/readers/png: Avoid heap OOB R/W inserting huff table items>
    (3) CVE-2021-3697
    commit <video/readers/jpeg: Block int underflow -> wild pointer write>
    (4) CVE-2022-28733
    commit <net/ip: Do IP fragment maths safely>
    (5) CVE-2022-28734
    commit <net/http: Fix OOB write for split http headers>
    commit <net/http: Error out on headers with LF without CR>

    Test plan:
     - PASS: build grub2/grub-efi.
     - PASS: build-image and install and boot up on lab/qemu.
     - PASS: check that the "stx.N" version number is right for both
             BIOS (grub2 ver) and UEFI (grub-efi ver) boot.

    Partial-Bug: #2034119

    Signed-off-by: Li Zhou <email address hidden>
    Change-Id: Ia27b1ee225f13e9c4ad08a0828f93ea37f8d3dfb