boot/grub2: drop stale IGNORE_CVES entries

CVE-2020-15705 is only applicable to grub versions up to 2.04, and
we're using a more recent version, so it is no longer needed to ignore
it.

CVE-2021-46705 is only applicable to grub versions up to 2.06, and
we're using a more recent version, so it is no longer needed to ignore
it.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>

boot/grub2/grub2.mk

@@ -19,14 +19,6 @@ GRUB2_INSTALL_IMAGES = YES
 # doesn't exist upstream, but is added by the Redhat/Fedora
 # packaging. Not applicable to Buildroot.
 GRUB2_IGNORE_CVES += CVE-2019-14865
-# CVE-2020-15705 is related to a flaw in the use of the
-# grub_linuxefi_secure_validate(), which was added by Debian/Ubuntu
-# patches. The issue doesn't affect upstream Grub, and
-# grub_linuxefi_secure_validate() is not implemented in the grub2
-# version available in Buildroot.
-GRUB2_IGNORE_CVES += CVE-2020-15705
-# vulnerability is specific to the SUSE distribution
-GRUB2_IGNORE_CVES += CVE-2021-46705
 # vulnerability is specific to the Redhat distribution, affects a
 # downstream change from Redhat related to password authentication
 GRUB2_IGNORE_CVES += CVE-2023-4001