[07:06] Hey folks, can anyone explain the package name and version discrepancies between https://ubuntu.com/security/CVE-2020-14372 and https://packages.ubuntu.com/search?suite=focal&searchon=names&keywords=grub2 for me? [07:06] The package names mentioned in the CVE notice say they were released, but they don't appear in the packages database, nor do they appear in apt-cache search/policy on my laptop. [07:06] A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed... [07:07] My machine is fully patched according to unattended-upgrades... [10:34] blahdeblah: the binary package is grub-efi-amd64-signed, grub2-signed is the source package === jdstrand_ is now known as jdstrand [23:02] kenyon: Of course - makes sense. Thanks.