Your message dated Mon, 06 May 2024 13:04:59 +0000
with message-id <e1s3y1b-008gaa...@fasolo.debian.org>
and subject line Bug#1069054: fixed in shim 15.8-1
has caused the Debian Bug report #1069054,
regarding shim: install ca for secure boot
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1069054: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069054
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: shim
Severity: minor
Dear Maintainer,
Could you install the ca used for secure boot somewhere in the tree ?
It will help to check by autopkgtest the ca chain
Bastien
signature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---
Source: shim
Source-Version: 15.8-1
Done: Steve McIntyre <93...@debian.org>
We believe that the bug you reported is fixed in the latest version of
shim, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1069...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Steve McIntyre <93...@debian.org> (supplier of updated shim package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 04 May 2024 23:29:52 +0100
Source: shim
Architecture: source
Version: 15.8-1
Distribution: unstable
Urgency: medium
Maintainer: Debian EFI team <debian-...@lists.debian.org>
Changed-By: Steve McIntyre <93...@debian.org>
Closes: 936009 1043485 1046268 1054210 1057606 1061519 1064220 1069054
Changes:
shim (15.8-1) unstable; urgency=medium
.
[ Steve McIntyre ]
* Cope with changes in pesign packaging. Closes: #1057606
* New upstream release fixing more bugs. Closes: #1061519, #1064220
+ CVE-2023-40546 mok: fix LogError() invocation (Closes: #1054210)
+ CVE-2023-40547 - avoid incorrectly trusting HTTP headers
+ CVE-2023-40548 Fix integer overflow on SBAT section size on
32-bit system
+ CVE-2023-40549 Authenticode: verify that the signature header is
in bounds.
+ CVE-2023-40550 pe: Fix an out-of-bound read in
verify_buffer_sbat()
+ CVE-2023-40551: pe-relocate: Fix bounds check for MZ binaries
* Remove all our previous patches, no longer needed:
+ Make-sbat_var.S-parse-right-with-buggy-gcc-binutils.patch (now
upstream)
+ Enable-NX.patch (we don't want NX just yet until the whole boot
stack is NX-capable)
+ block-grub-sbat3-debian.patch (not needed now upstream grub SBAT
is 4)
* Cherry-pick 2 new patches from upstream for grub revocations:
+ 0001-sbat-Add-grub.peimage-2-to-latest-CVE-2024-2312.patch
+ 0002-sbat-Also-bump-latest-for-grub-4-and-to-todays-date.patch
* NOTE: Stop building for i386
+ Debian kernels are no longer signed for i386, it's time to stop
supporting i386 SB.
* Log if the build is nx-compatible or not
* Force shim to use the latest revocations by default to block some
older grub / peimage issues. This is:
"shim,4\ngrub,4\ngrub.peimage,2\n"
* Install a copy of the Debian CA certificate into /usr/share/shim.
Closes: #1069054
* Clean up better after build. Closes: #1046268
.
[ Bastien Roucariès ]
* Port autopkgtest from ubuntu
* Import MR-12: "shim-unsigned:amd64 cannot be installed alongside
shim-unsigned:i386", thanks to adrian15 adrian15 (Closes: #936009).
* Fix debian/watch and check signature (Closes: #1043485)
Checksums-Sha1:
8a2d725f65087e1a6c7f012c4c70666666fef4f3 2490 shim_15.8-1.dsc
cdec924ca437a4509dcb178396996ddf92c11183 2315201 shim_15.8.orig.tar.bz2
5b62d9edbaad7ece7546868dfd6e6e5be42de236 59308 shim_15.8-1.debian.tar.xz
062041702d5cdb3828fb0e3bdecf6515fa1a7062 7121 shim_15.8-1_source.buildinfo
Checksums-Sha256:
65ca82c131a66362a0bb222497eebbca5d64ba9efd44738d7889eb0500b5e4fa 2490
shim_15.8-1.dsc
a79f0a9b89f3681ab384865b1a46ab3f79d88b11b4ca59aa040ab03fffae80a9 2315201
shim_15.8.orig.tar.bz2
fad222c56f31a20b65753f16c66e270082295a2cccf2909686a980f19be665de 59308
shim_15.8-1.debian.tar.xz
647867dea6c5dc9d7d5d59fa70629f322379593675a7ccc3667d2dc2f1024b03 7121
shim_15.8-1_source.buildinfo
Files:
96fd60cb002486370c4176382044041e 2490 admin optional shim_15.8-1.dsc
a9452c2e6fafe4e1b87ab2e1cac9ec00 2315201 admin optional shim_15.8.orig.tar.bz2
4689fb8317f8a9a5ca53107743d67a27 59308 admin optional shim_15.8-1.debian.tar.xz
66bbd0b3ac2a98555d32f3f47ca1fb7e 7121 admin optional
shim_15.8-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCAAvFiEEzrtSMB1hfpEDkP4WWHl5VzRCaE4FAmY40QURHDkzc2FtQGRl
Ymlhbi5vcmcACgkQWHl5VzRCaE6F5Q/9F2uB+m9hTJDk2PIn5LAn8b39vBzYkoju
lirfsA/FJzygJR+qJQG70nrPe+TutO8BFPdo+yhfc2G9RdLd3CXsslkl6QdNpTau
LUc4FRMzHsis3Wn/7BO8WZPzPBf+2N/NUucIe02h+6gabpiXqpwt5EZf6WTGUC8D
LOinr/l3iDDoymjogTBvp0PMEph0luqE95deOeXmJ6CbLQ2Ozzi40g47E4uUQ4ao
jGD6yPk3PulHdaW8oXbab14e94akfrXUe0P26Y8oUUji+6mRtfckNWjhY78udMwD
Cxy8gTULqPdDfjjGleVDppD+C2+pGTNs3tCPr1PdM9XOjlm0bGHzDNSkeOc39eA9
CZvOvXmQ/V9qG8puj5U1Bh+S5dPjP//gKpKnnowAc/fgMaWjP+Li/hW7TTvnilxi
vMhQ6XizySj3DDEkCvGK1uH2Z75ryTsAbT3WmL9KubxKrWDGImMJKYs7soePGwPL
VDFaPqEBKhAwlXO3nBDJWqSOP/QoQmAxZ6x0P7z4nLcnKK2KS9eWuFt9cBawuPYE
XwDIcAFoLXyFuZGlQFinBElvdIYbreS7LGm9zKkBQDWpmu01HcT0WAlhd6fNVMOk
CnT5Pg1KTUtSmyauYoc4CmcBmipH2fKCdJIFVtAaeU8qVcIV77RS46y2XnhGVst8
aJ4tOJYtaAk=
=+QSm
-----END PGP SIGNATURE-----
pgpAvkhc_l5fG.pgp
Description: PGP signature
--- End Message ---
