Coming back with answers directly from the IRC and swiftgeek!
First of all, Libreboot is not affected and the issue the repository, better the author, is speaking of it.
also it's not even grub that is affected by "boothole" but distros that didn't enable signature verification in grub (like of any .cfg loaded), but signed said grub binary for secureboot use
it's like that "ssh" cve where exploit was abusing extremely bad configuration strongly discouraged by sshd because somebody could exploit it...
what was the most recent one that hopefully won't get accepted
if something decrypts data intended for it with key it has, that's a CVE because it reveals encrypted data!
Especially the mixing with the newer Coreboot:
and libreboot is not a fork of coreboot
In the end the answer is: There is no security problem to be fixed and, as I've mentioned ... using proprietary microcode within ROM images?
Well, not the way to go as this is not Libreboot.
Sorry, don't want to minimize the repository and its content. Hope the information is more helpful and clear now?
Note also: The repository brought up a little discussion in the IRC about the current situation of security issues within chips, vendors and the problems around free, libre hardware:
<swiftgeek> so it's not like OSHW is a pie in the sky kind of thing or something obscure
Human being in favor with clear principles and so also for freedom in soft- and hardware!
Certainly anyone who has the power to make you believe absurdities has the power to make you commit injustices: For a life of every being full with peace and kindness, including diversity and freedom. Capitalism is destroying our minds, the planet itself and the universe in the end!