Your message dated Mon, 18 Mar 2019 22:20:07 +0000
with message-id <[email protected]>
and subject line Bug#924615: fixed in edk2 0~20190309.89910a39-1
has caused the Debian Bug report #924615,
regarding CVE-2018-12178 CVE-2018-12180 CVE-2018-12181
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
924615: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924615
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: edk2
Severity: grave
Tags: security
Please see
https://security-tracker.debian.org/tracker/CVE-2018-12178
https://security-tracker.debian.org/tracker/CVE-2018-12180
https://security-tracker.debian.org/tracker/CVE-2018-12181
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: edk2
Source-Version: 0~20190309.89910a39-1
We believe that the bug you reported is fixed in the latest version of
edk2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
dann frazier <[email protected]> (supplier of updated edk2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 18 Mar 2019 15:38:21 -0600
Source: edk2
Architecture: source
Version: 0~20190309.89910a39-1
Distribution: experimental
Urgency: medium
Maintainer: Debian QEMU Team <[email protected]>
Changed-By: dann frazier <[email protected]>
Closes: 924615 924620
Changes:
edk2 (0~20190309.89910a39-1) experimental; urgency=medium
.
* New upstream release, based on edk2-stable201903 tag.
- Fixes for CVE-2018-12178, CVE-2018-12180 and CVE-2018-12181
Closes: #924615.
- qemu-efi-*: Avoid silent corruption of firmware flash image
by buggy EFI apps. Closes: #924620, LP: #1812093.
- d/binary-check.blacklist: Drop binaries removed upstream.
- d/binary-check.whitelist: Add new files detected as binary
that were hand-verified to be source.
- Bump openssl up to 1.1.0j.
- qemu-efi-{arm,aarch64}: Drop -DINTEL_BDS from build flags.
It became the default some time ago and was removed.
- ovmf: Stop cargo-culting the inclusion and build of external
EdkShell source. This is now no longer supported by upstream,
and is a no-op because it was replaced by the internal UEFI
shell back 2013 (9bef3cdc "OvmfPkg: Build and use the UEFI shell
by default").
- qemu-efi-{arm,aarch64}: Don't explicitly build ShellPkg,
ArmVirtPkg has been doing it since 2015 (da1ce6f8
"ArmVirtualizationPkg: build UEFI shell from source").
- Don't explicitly build FatPkg, OvmfPkg & ArmVirtPkg have
included it since 2016 (aa47e529 "OvmfPkg: Convert to using
FatPkg in the EDK II tree"), (42e3d9eb "ArmVirtPkg: Convert to
build FatPkg from source").
- d/p/no-missing-braces.diff: Forward port.
- d/p/no-stack-protector-all-archs.diff: Forward port.
Checksums-Sha1:
388a7224c852916e1912763ec739fde6ebe9b4cd 2338 edk2_0~20190309.89910a39-1.dsc
e6d4ff6e0567a0bb81927c535e375a4a51a378bc 23339972
edk2_0~20190309.89910a39.orig.tar.xz
0701dc3c4f0cd50625fde26bb039a85cde58a355 15228
edk2_0~20190309.89910a39-1.debian.tar.xz
1ab531b384695054025cfce7a882a841b5429a42 7456
edk2_0~20190309.89910a39-1_source.buildinfo
Checksums-Sha256:
d99370ce9ee37146e81716658ef5e5a955d4e5fe8020c731972e6a12aff311e2 2338
edk2_0~20190309.89910a39-1.dsc
62e1a2062b595b559f66b52a71c99c0aa43f099a7ff81fe023d6f197eb7455e5 23339972
edk2_0~20190309.89910a39.orig.tar.xz
380e37cb6ade8feaec62f694e68ff53fac41a59fadcf98839e96c82f8f988522 15228
edk2_0~20190309.89910a39-1.debian.tar.xz
dde54a9526e0df785a3c62ca6265956408207967424e326f303f5c543c376b2f 7456
edk2_0~20190309.89910a39-1_source.buildinfo
Files:
e5c741088cba2ff031f4ebef8960831e 2338 misc optional
edk2_0~20190309.89910a39-1.dsc
41ff12588d839a58b80283dedc866c4a 23339972 misc optional
edk2_0~20190309.89910a39.orig.tar.xz
341a1fbb571a6d42d9d33c3751dadb26 15228 misc optional
edk2_0~20190309.89910a39-1.debian.tar.xz
eca5e225c19e87f43347546e83c829a0 7456 misc optional
edk2_0~20190309.89910a39-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEECfR9vy0y7twkQ+vuG/g8XlT8hkAFAlyQFMMRHGRhbm5mQGRl
Ymlhbi5vcmcACgkQG/g8XlT8hkD8Mw/+N2BfQfoVaw7zG60HWLsHDxaL4yhqSt8v
+v0DyZDt+pYY0uK5UBt/7uQsO4PRzVH3oiVkoYfghbm5Hwfeirn7bdxfwTcrNw0t
kO49rqjGruAI5h6Ug1K7kpNbmqwvJKtIqke4UEPM8aMHEC37lnKrJGV7T6BSjiaK
przr6pC+ZN78UU+Pj8eR3SYySqatZbnA9XZ0t/SgMYjWPrNJtN4n5L7L4MEfX57l
TPkqeS12QmRiOh08LBbcamyck31X8urDBWniqycQCZ2X/awyT/9IFWJ82aoiTXdJ
T2429urAHhHc7feeiayFc+RtJV9Sz02Kgt0Ov8F3ZMq7Ea62KsJenpf/B9m6pX2J
bE0jzU0REioMBAfEEsMHbwvFLnerqtCe8Qiehd08twlt5TddG1yWs50qeHRq5YXB
uIeJwoB+DI00kwhsuoQgfHZV7qnv9I1zexGSu6oEMJ3wY5OS4VEIl7GNBFyk/UHV
GFJ7d7chGZrF/QzOCkz6IKqzu4WEyYmgsM/fMs74giIMIVNOZoUAS3Y+HDI7CWQx
cZWHdw2vIlGhMCBLeL9cmqRN5b+mcm2/nPB0myU2f3YUBim5nsNNVKh0/iHL/YoJ
0wz9MSCZxx19/pGsHLIBtxXJMuemiRqyw/ESutIxa/4Sq8L2UgTld74KoN4kpGl9
E4lrnkpx0jQ=
=eU+o
-----END PGP SIGNATURE-----
--- End Message ---