[08:11] * luna is listening to this weeks podcast now [22:03] Please triage CVE-2022-28736 for all Ubuntu releases and set its priority to Low or Negligible, because an exploit requires either physical or root access. [22:03] ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. [22:03] Please also provide a description in the CVE file. [22:13] Please triage CVE-2022-28735 for all Ubuntu releases. This is a Secure Boot bypass. [22:13] ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. [22:17] Same for CVE-2022-28734 and CVE-2022-28733, but these are heap buffer overflows that can lead to arbitrary code execution, but these require GRUB to use networking. [22:17] ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. [22:17] ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. [22:22] You can also triage the other CVEs for grub2: https://ubuntu.com/security/cves?q=&package=grub2&priority=&version=&status=needs-triage [22:23] They can lead to arbitrary code execution with varying difficulty, according to the descriptions. [22:23] *can all [22:24] I will leave now but I will see your replies in the logs.