include/sbat_var_defs.h | 8 5 3 - 0 !
1 file changed, 5 insertions( ), 3 deletions(-)

 [patch 1/2] sbat: add grub.peimage,2 to latest (cve-2024-2312)

Add the previous latest level to the switch for automatic.

Signed-off-by: Julian Andres Klode <[email protected]>

include/sbat_var_defs.h | 9 6 3 - 0 !
1 file changed, 6 insertions( ), 3 deletions(-)

 [patch 2/2] sbat: also bump latest for grub,4 (and to todays date)

Back in January we decided to bump the SBAT level for the shim
CVE without bumping the grub level for the previous NTFS issues
- CVE-2023-4692 CVE-2023-4693 - as not every vendor was signing
the ntfs module.

Catch up on this revocation to ensure it doesn't get lost. Doing
so also allows us to remove the grub.debian,4 revocation as this
happened before grub,4 and hence is obsolete.

Also bump the date of the sbat variable to today's. Don't copy
the April 5 one to a previous selection, as it wasn't shipped
to anyone.

Signed-off-by: Julian Andres Klode <[email protected]>