(+Liming, +Phil) On 09/02/20 06:02, Yao, Jiewen wrote: > The series (1~3) is reviewed-by: Jiewen Yao <[email protected]>
Thank you Everyone for the reviews and testing. Jiewen: do you think we should merge this series into the master branch before edk2-stable202008? I think it qualifies (it is a CVE fix), but I would like *you* to decide about it. Thanks Laszlo > > Thank you > Yao Jiewen > >> -----Original Message----- >> From: [email protected] <[email protected]> On Behalf Of Laszlo Ersek >> Sent: Tuesday, September 1, 2020 5:12 PM >> To: edk2-devel-groups-io <[email protected]> >> Cc: Wang, Jian J <[email protected]>; Yao, Jiewen <[email protected]>; >> Xu, Min M <[email protected]>; Wenyi Xie <[email protected]> >> Subject: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib: catch >> alignment overflow (CVE-2019-14562) >> >> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2215 >> Repo: https://pagure.io/lersek/edk2.git >> Branch: tianocore_2215 >> >> I'm neutral on whether this becomes part of edk2-stable202008. >> >> Cc: Jian J Wang <[email protected]> >> Cc: Jiewen Yao <[email protected]> >> Cc: Min Xu <[email protected]> >> Cc: Wenyi Xie <[email protected]> >> >> Thanks, >> Laszlo >> >> Laszlo Ersek (3): >> SecurityPkg/DxeImageVerificationLib: extract SecDataDirEnd, >> SecDataDirLeft >> SecurityPkg/DxeImageVerificationLib: assign WinCertificate after size >> check >> SecurityPkg/DxeImageVerificationLib: catch alignment overflow >> (CVE-2019-14562) >> >> SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 16 >> ++++++++++++---- >> 1 file changed, 12 insertions(+), 4 deletions(-) >> >> -- >> 2.19.1.3.g30247aa5d201 >> >> >> > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#64940): https://edk2.groups.io/g/devel/message/64940 Mute This Topic: https://groups.io/mt/76552538/21656 Group Owner: [email protected] Unsubscribe: https://edk2.groups.io/g/devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
