On 09/02/20 08:41, Yao, Jiewen wrote: > Yes. I recommend to merge to stable202008.
Thank you, I will do that soon. Laszlo > > >> -----Original Message----- >> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Laszlo Ersek >> Sent: Wednesday, September 2, 2020 2:35 PM >> To: devel@edk2.groups.io; Yao, Jiewen <jiewen....@intel.com> >> Cc: Wang, Jian J <jian.j.w...@intel.com>; Xu, Min M <min.m...@intel.com>; >> Wenyi Xie <xiewen...@huawei.com>; Philippe Mathieu-Daudé >> <phi...@redhat.com>; Liming Gao (Byosoft address) >> <gaolim...@byosoft.com.cn> >> Subject: Re: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib: >> catch alignment overflow (CVE-2019-14562) >> >> (+Liming, +Phil) >> >> On 09/02/20 06:02, Yao, Jiewen wrote: >>> The series (1~3) is reviewed-by: Jiewen Yao <jiewen....@intel.com> >> >> Thank you Everyone for the reviews and testing. >> >> Jiewen: do you think we should merge this series into the master branch >> before edk2-stable202008? I think it qualifies (it is a CVE fix), but I >> would like *you* to decide about it. >> >> Thanks >> Laszlo >> >>> >>> Thank you >>> Yao Jiewen >>> >>>> -----Original Message----- >>>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Laszlo >> Ersek >>>> Sent: Tuesday, September 1, 2020 5:12 PM >>>> To: edk2-devel-groups-io <devel@edk2.groups.io> >>>> Cc: Wang, Jian J <jian.j.w...@intel.com>; Yao, Jiewen >> <jiewen....@intel.com>; >>>> Xu, Min M <min.m...@intel.com>; Wenyi Xie <xiewen...@huawei.com> >>>> Subject: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib: >> catch >>>> alignment overflow (CVE-2019-14562) >>>> >>>> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2215 >>>> Repo: https://pagure.io/lersek/edk2.git >>>> Branch: tianocore_2215 >>>> >>>> I'm neutral on whether this becomes part of edk2-stable202008. >>>> >>>> Cc: Jian J Wang <jian.j.w...@intel.com> >>>> Cc: Jiewen Yao <jiewen....@intel.com> >>>> Cc: Min Xu <min.m...@intel.com> >>>> Cc: Wenyi Xie <xiewen...@huawei.com> >>>> >>>> Thanks, >>>> Laszlo >>>> >>>> Laszlo Ersek (3): >>>> SecurityPkg/DxeImageVerificationLib: extract SecDataDirEnd, >>>> SecDataDirLeft >>>> SecurityPkg/DxeImageVerificationLib: assign WinCertificate after size >>>> check >>>> SecurityPkg/DxeImageVerificationLib: catch alignment overflow >>>> (CVE-2019-14562) >>>> >>>> SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 16 >>>> ++++++++++++---- >>>> 1 file changed, 12 insertions(+), 4 deletions(-) >>>> >>>> -- >>>> 2.19.1.3.g30247aa5d201 >>>> >>>> >>>> >>> >>> >>> >>> >> >> >> > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#64948): https://edk2.groups.io/g/devel/message/64948 Mute This Topic: https://groups.io/mt/76552538/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
