Laszlo: I am ok to merge it as the security bug fix for this stable tag.
Thanks Liming > -----邮件原件----- > 发件人: Laszlo Ersek <ler...@redhat.com> > 发送时间: 2020年9月2日 14:46 > 收件人: Yao, Jiewen <jiewen....@intel.com>; devel@edk2.groups.io > 抄送: Wang, Jian J <jian.j.w...@intel.com>; Xu, Min M > <min.m...@intel.com>; Wenyi Xie <xiewen...@huawei.com>; Philippe > Mathieu-Daudé <phi...@redhat.com>; Liming Gao (Byosoft address) > <gaolim...@byosoft.com.cn> > 主题: Re: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib: > catch alignment overflow (CVE-2019-14562) > > On 09/02/20 08:41, Yao, Jiewen wrote: > > Yes. I recommend to merge to stable202008. > > Thank you, I will do that soon. > Laszlo > > > > > > >> -----Original Message----- > >> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Laszlo > Ersek > >> Sent: Wednesday, September 2, 2020 2:35 PM > >> To: devel@edk2.groups.io; Yao, Jiewen <jiewen....@intel.com> > >> Cc: Wang, Jian J <jian.j.w...@intel.com>; Xu, Min M > <min.m...@intel.com>; > >> Wenyi Xie <xiewen...@huawei.com>; Philippe Mathieu-Daudé > >> <phi...@redhat.com>; Liming Gao (Byosoft address) > >> <gaolim...@byosoft.com.cn> > >> Subject: Re: [edk2-devel] [PATCH 0/3] > SecurityPkg/DxeImageVerificationLib: > >> catch alignment overflow (CVE-2019-14562) > >> > >> (+Liming, +Phil) > >> > >> On 09/02/20 06:02, Yao, Jiewen wrote: > >>> The series (1~3) is reviewed-by: Jiewen Yao <jiewen....@intel.com> > >> > >> Thank you Everyone for the reviews and testing. > >> > >> Jiewen: do you think we should merge this series into the master branch > >> before edk2-stable202008? I think it qualifies (it is a CVE fix), but I > >> would like *you* to decide about it. > >> > >> Thanks > >> Laszlo > >> > >>> > >>> Thank you > >>> Yao Jiewen > >>> > >>>> -----Original Message----- > >>>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of > Laszlo > >> Ersek > >>>> Sent: Tuesday, September 1, 2020 5:12 PM > >>>> To: edk2-devel-groups-io <devel@edk2.groups.io> > >>>> Cc: Wang, Jian J <jian.j.w...@intel.com>; Yao, Jiewen > >> <jiewen....@intel.com>; > >>>> Xu, Min M <min.m...@intel.com>; Wenyi Xie > <xiewen...@huawei.com> > >>>> Subject: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib: > >> catch > >>>> alignment overflow (CVE-2019-14562) > >>>> > >>>> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2215 > >>>> Repo: https://pagure.io/lersek/edk2.git > >>>> Branch: tianocore_2215 > >>>> > >>>> I'm neutral on whether this becomes part of edk2-stable202008. > >>>> > >>>> Cc: Jian J Wang <jian.j.w...@intel.com> > >>>> Cc: Jiewen Yao <jiewen....@intel.com> > >>>> Cc: Min Xu <min.m...@intel.com> > >>>> Cc: Wenyi Xie <xiewen...@huawei.com> > >>>> > >>>> Thanks, > >>>> Laszlo > >>>> > >>>> Laszlo Ersek (3): > >>>> SecurityPkg/DxeImageVerificationLib: extract SecDataDirEnd, > >>>> SecDataDirLeft > >>>> SecurityPkg/DxeImageVerificationLib: assign WinCertificate after size > >>>> check > >>>> SecurityPkg/DxeImageVerificationLib: catch alignment overflow > >>>> (CVE-2019-14562) > >>>> > >>>> > SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 16 > >>>> ++++++++++++---- > >>>> 1 file changed, 12 insertions(+), 4 deletions(-) > >>>> > >>>> -- > >>>> 2.19.1.3.g30247aa5d201 > >>>> > >>>> > >>>> > >>> > >>> > >>> > >>> > >> > >> > >> > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#64965): https://edk2.groups.io/g/devel/message/64965 Mute This Topic: https://groups.io/mt/76578406/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
