On 12/16/2015 07:55 PM, Ivan wrote:

A recent vulnerability has been discovered, affecting GRUB from versions 1.98 to 2.02.

More info: http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html

Hey Ivan, an updated GRUB version is already laying in testing and awaits sign-offs [0]. Thanks anyway for reporting, however if you just want to make sure it gets handled and we are aware of the issue, feel free to instead simply join the IRC channel #archlinux-security on freenode and drop us a message there. cheers, Levente [0] https://www.archlinux.org/packages/testing/x86_64/grub/