DBXUpdate-20200729.x64.metainfo.xml

<?xml version="1.0" encoding="UTF-8"?>
<!-- Copyright 2020 Microsoft Corporation <richard@hughsie.com> -->
<component type="firmware">
  <id>org.linuxfoundation.dbx.x64.firmware</id>
  <name>Secure Boot dbx</name>
  <summary>UEFI Secure Boot Forbidden Signature Database</summary>
  <description>
    <p>
      Updating the UEFI dbx prevents starting EFI binaries with known security issues.
    </p>
  </description>
  <provides>
    <!-- Microsoft Corporation KEK CA 2011 -
    UEFI\CRT_A1117F516A32CEFCBA3F2D1ACE10A87972FD6BBE8FE0D0B996E09E65D802A503&ARCH_X64 -->
    <firmware type="flashed">f8ba2887-9411-5c36-9cee-88995bb39731</firmware>
  </provides>
  <url type="homepage">https://uefi.org/revocationlistfile</url>
  <metadata_license>CC0-1.0</metadata_license>
  <project_license>proprietary</project_license>
  <developer_name>Microsoft Corporation</developer_name>
  <releases>
    <!-- for the version use `dbxtool -l -d foo.bin` and count the {microsoft} owner GUIDs -->
    <release urgency="high" version="190" date="2020-07-29">
      <checksum filename="DBXUpdate-20200729.x64.bin" target="content"/>
      <description>
        <p>
          This updates the dbx to the latest release from Microsoft which adds
          insecure versions of grub and shim to the list of forbidden signatures
          due to multiple discovered security updates.
        </p>
      </description>
      <issues>
        <issue type="cve">CVE-2020-10713</issue>
        <issue type="cve">CVE-2020-14308</issue>
        <issue type="cve">CVE-2020-14309</issue>
        <issue type="cve">CVE-2020-14310</issue>
        <issue type="cve">CVE-2020-14311</issue>
        <issue type="cve">CVE-2020-15705</issue>
        <issue type="cve">CVE-2020-15706</issue>
        <issue type="cve">CVE-2020-15707</issue>
        <issue type="cve">CVE-2020-7205</issue>
      </issues>
    </release>
  </releases>
  <!-- only very recent versions of fwupd can apply this -->
  <requires>
    <id compare="ge" version="1.4.6">org.freedesktop.fwupd</id>
  </requires>
  <!-- these keywords are optional and are used for searching -->
  <keywords>
    <keyword>boothole</keyword>
  </keywords>
  <custom>
    <value key="LVFS::UpdateProtocol">org.uefi.dbx</value>
    <value key="LVFS::VersionFormat">number</value>
  </custom>
  <categories>
    <category>X-Configuration</category>
  </categories>
</component>