Hi, What is the state of affairs wrt. the pixiefail vulnerabilities?
The advisory is published (https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h), it says the plan is to have the fixes included in the next (Feb 2024) stable tag. I see bugzilla has patches attached, most of them written by Doug Flick. There is not that much time left until code freeze starts. Shouldn't we get the ball rolling to get the patches reviewed and merged? Given that the pixiefail details where published last week it should be ok to simply send the patches to the devel list for review. thanks & take care, Gerd -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#114216): https://edk2.groups.io/g/devel/message/114216 Mute This Topic: https://groups.io/mt/103913088/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
