File _patchinfo of Package patchinfo.1383

<patchinfo incident="1383">
  <issue id="956631" tracker="bnc">CVE-2015-8370: grub2: overflows in grub_password_get and grub_user_get</issue>
  <issue id="946148" tracker="bnc">snapshot enabled causes Xen pv guest to not boot</issue>
  <issue id="952539" tracker="bnc">Unable to boot Xen PV guest after installing with /boot on ext2/3/4</issue>
  <issue id="943380" tracker="bnc">SLES 12 SP1 Beta2 - XEN EFI install on System x servers fails to boot with "no shim lock protocol"</issue>
  <issue id="928131" tracker="bnc">kexec is killed with out-of-memory condition when machine has over 520 GB memory</issue>
  <issue id="CVE-2015-8370" tracker="cve"/>
  <category>security</category>
  <rating>important</rating>
  <packager>jjolly</packager>
  <description>This update for grub2 provides the following fixes and enhancements:

Security issue fixed:
- Fix buffer overflows when reading username and password. (bsc#956631, CVE-2015-8370)

Non security issues fixed:
- Expand list of grub.cfg search path in PV Xen guests for systems installed
  on btrfs snapshots. (bsc#946148, bsc#952539)
- Add --image switch to force zipl update to specific kernel. (bsc#928131)
- Do not use shim lock protocol for reading PE header as it won't be available
  when secure boot is disabled. (bsc#943380)
- Make firmware flaw condition be more precisely detected and add debug message
  for the case.
</description>
  <summary>Security update for grub2</summary>
</patchinfo>