Hi, On Fri, Jul 30, 2021 at 08:55:06PM +0400, Movses Tovmasyan wrote: > Package: grub2 > Version: 2.02~beta3-5+deb9u2 > Tags: patch > > grub2 uses the obsolete version of minilua > (single-file port of Lua) which has CVE-2014-5461 > Patch attached below.
Thanks for the report. This patch does not apply to the GRUB upstream because it does not contain the Lua support. Daniel _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
