Leo Famulari <l...@famulari.name> writes:

> This patch for Grub2 fixes CVE-2015-8370 [0][1]. The source of the patch
> is [0].
>
> One thing to note is that there doesn't seem to be any response from
> upstream, yet. However, at least some distros are applying the patch
> [2][3].
>
> AFAIK, GuixSD doesn't support authenticated Grub yet, so this
> vulnerability doesn't manifest itself.

Right, but still worth fixing. And perhaps someone will get the idea of
adding authentication in our GRUB support code? :-)

> I tested this patch on bare-metal i686, like this:

Thanks for testing and explaining how you tested it.

Leo Famulari <l...@famulari.name> writes:

> * gnu/packages/patches/grub-CVE-2015-8370.patch: New file.
> * gnu/packages/grub.scm: Apply patch.
> ---
>  gnu/packages/grub.scm                         |  4 ++-
>  gnu/packages/patches/grub-CVE-2015-8370.patch | 45 +++++++++++++++++++++++++++
>  2 files changed, 48 insertions(+), 1 deletion(-)

Please make sure to add the patch to gnu-system.am.

OK to push with this change.

Thank you!

Ludo’.