@@ -1,3 +1,3 @@
# locally computed hash
-sha256 eab91644a3efe91a666399f5d8eb3eed0e04d04f79d4b6c0b278ef7747a239a5 shim-15.6.tar.bz2
+sha256 a79f0a9b89f3681ab384865b1a46ab3f79d88b11b4ca59aa040ab03fffae80a9 shim-15.8.tar.bz2
sha256 15edf527919ddcb2f514ab9d16ad07ef219e4bb490e0b79560be510f0c159cc2 COPYRIGHT
@@ -4,7 +4,7 @@
#
################################################################################
-SHIM_VERSION = 15.6
+SHIM_VERSION = 15.8
SHIM_SITE = https://github.com/rhboot/shim/releases/download/$(SHIM_VERSION)
SHIM_SOURCE = shim-$(SHIM_VERSION).tar.bz2
SHIM_LICENSE = BSD-2-Clause
Fixes the following security issues: CVE-2023-40546 mok: fix LogError() invocation CVE-2023-40547 - avoid incorrectly trusting HTTP headers CVE-2023-40548 Fix integer overflow on SBAT section size on 32-bit system CVE-2023-40549 Authenticode: verify that the signature header is in bounds. CVE-2023-40550 pe: Fix an out-of-bound read in verify_buffer_sbat() CVE-2023-40551: pe-relocate: Fix bounds check for MZ binaries https://github.com/rhboot/shim/tree/15.8 Signed-off-by: Peter Korsgaard <peter@korsgaard.com> --- boot/shim/shim.hash | 2 +- boot/shim/shim.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)