1. Patchew
  2. EDK2
  3. View series

[edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib: catch alignment overflow (CVE-2019-14562)

Laszlo Ersek posted 3 patches 3 years, 7 months ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/edk2 tags/patchew/20200901091221.20948-1-lersek@redhat.com
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
[edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib: catch alignment overflow (CVE-2019-14562)
Posted by Laszlo Ersek 3 years, 7 months ago 
Ref:    https://bugzilla.tianocore.org/show_bug.cgi?id=2215
Repo:   https://pagure.io/lersek/edk2.git
Branch: tianocore_2215

I'm neutral on whether this becomes part of edk2-stable202008.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Wenyi Xie <xiewenyi2@huawei.com>

Thanks,
Laszlo

Laszlo Ersek (3):
  SecurityPkg/DxeImageVerificationLib: extract SecDataDirEnd,
    SecDataDirLeft
  SecurityPkg/DxeImageVerificationLib: assign WinCertificate after size
    check
  SecurityPkg/DxeImageVerificationLib: catch alignment overflow
    (CVE-2019-14562)

 SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

-- 
2.19.1.3.g30247aa5d201


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#64882): https://edk2.groups.io/g/devel/message/64882
Mute This Topic: https://groups.io/mt/76552538/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib: catch alignment overflow (CVE-2019-14562)
Posted by Yao, Jiewen 3 years, 7 months ago 
The series (1~3) is reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

Thank you
Yao Jiewen

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Laszlo Ersek
> Sent: Tuesday, September 1, 2020 5:12 PM
> To: edk2-devel-groups-io <devel@edk2.groups.io>
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> Xu, Min M <min.m.xu@intel.com>; Wenyi Xie <xiewenyi2@huawei.com>
> Subject: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib: catch
> alignment overflow (CVE-2019-14562)
> 
> Ref:    https://bugzilla.tianocore.org/show_bug.cgi?id=2215
> Repo:   https://pagure.io/lersek/edk2.git
> Branch: tianocore_2215
> 
> I'm neutral on whether this becomes part of edk2-stable202008.
> 
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Min Xu <min.m.xu@intel.com>
> Cc: Wenyi Xie <xiewenyi2@huawei.com>
> 
> Thanks,
> Laszlo
> 
> Laszlo Ersek (3):
>   SecurityPkg/DxeImageVerificationLib: extract SecDataDirEnd,
>     SecDataDirLeft
>   SecurityPkg/DxeImageVerificationLib: assign WinCertificate after size
>     check
>   SecurityPkg/DxeImageVerificationLib: catch alignment overflow
>     (CVE-2019-14562)
> 
>  SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 16
> ++++++++++++----
>  1 file changed, 12 insertions(+), 4 deletions(-)
> 
> --
> 2.19.1.3.g30247aa5d201
> 
> 
> 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#64936): https://edk2.groups.io/g/devel/message/64936
Mute This Topic: https://groups.io/mt/76552538/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib: catch alignment overflow (CVE-2019-14562)
Posted by Laszlo Ersek 3 years, 7 months ago 
(+Liming, +Phil)

On 09/02/20 06:02, Yao, Jiewen wrote:
> The series (1~3) is reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

Thank you Everyone for the reviews and testing.

Jiewen: do you think we should merge this series into the master branch
before edk2-stable202008? I think it qualifies (it is a CVE fix), but I
would like *you* to decide about it.

Thanks
Laszlo

> 
> Thank you
> Yao Jiewen
> 
>> -----Original Message-----
>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Laszlo Ersek
>> Sent: Tuesday, September 1, 2020 5:12 PM
>> To: edk2-devel-groups-io <devel@edk2.groups.io>
>> Cc: Wang, Jian J <jian.j.wang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
>> Xu, Min M <min.m.xu@intel.com>; Wenyi Xie <xiewenyi2@huawei.com>
>> Subject: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib: catch
>> alignment overflow (CVE-2019-14562)
>>
>> Ref:    https://bugzilla.tianocore.org/show_bug.cgi?id=2215
>> Repo:   https://pagure.io/lersek/edk2.git
>> Branch: tianocore_2215
>>
>> I'm neutral on whether this becomes part of edk2-stable202008.
>>
>> Cc: Jian J Wang <jian.j.wang@intel.com>
>> Cc: Jiewen Yao <jiewen.yao@intel.com>
>> Cc: Min Xu <min.m.xu@intel.com>
>> Cc: Wenyi Xie <xiewenyi2@huawei.com>
>>
>> Thanks,
>> Laszlo
>>
>> Laszlo Ersek (3):
>>   SecurityPkg/DxeImageVerificationLib: extract SecDataDirEnd,
>>     SecDataDirLeft
>>   SecurityPkg/DxeImageVerificationLib: assign WinCertificate after size
>>     check
>>   SecurityPkg/DxeImageVerificationLib: catch alignment overflow
>>     (CVE-2019-14562)
>>
>>  SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 16
>> ++++++++++++----
>>  1 file changed, 12 insertions(+), 4 deletions(-)
>>
>> --
>> 2.19.1.3.g30247aa5d201
>>
>>
>>
> 
> 
> 
> 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#64940): https://edk2.groups.io/g/devel/message/64940
Mute This Topic: https://groups.io/mt/76552538/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib: catch alignment overflow (CVE-2019-14562)
Posted by Yao, Jiewen 3 years, 7 months ago 
Yes. I recommend to merge to stable202008.


> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Laszlo Ersek
> Sent: Wednesday, September 2, 2020 2:35 PM
> To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Xu, Min M <min.m.xu@intel.com>;
> Wenyi Xie <xiewenyi2@huawei.com>; Philippe Mathieu-Daudé
> <philmd@redhat.com>; Liming Gao (Byosoft address)
> <gaoliming@byosoft.com.cn>
> Subject: Re: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib:
> catch alignment overflow (CVE-2019-14562)
> 
> (+Liming, +Phil)
> 
> On 09/02/20 06:02, Yao, Jiewen wrote:
> > The series (1~3) is reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
> 
> Thank you Everyone for the reviews and testing.
> 
> Jiewen: do you think we should merge this series into the master branch
> before edk2-stable202008? I think it qualifies (it is a CVE fix), but I
> would like *you* to decide about it.
> 
> Thanks
> Laszlo
> 
> >
> > Thank you
> > Yao Jiewen
> >
> >> -----Original Message-----
> >> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Laszlo
> Ersek
> >> Sent: Tuesday, September 1, 2020 5:12 PM
> >> To: edk2-devel-groups-io <devel@edk2.groups.io>
> >> Cc: Wang, Jian J <jian.j.wang@intel.com>; Yao, Jiewen
> <jiewen.yao@intel.com>;
> >> Xu, Min M <min.m.xu@intel.com>; Wenyi Xie <xiewenyi2@huawei.com>
> >> Subject: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib:
> catch
> >> alignment overflow (CVE-2019-14562)
> >>
> >> Ref:    https://bugzilla.tianocore.org/show_bug.cgi?id=2215
> >> Repo:   https://pagure.io/lersek/edk2.git
> >> Branch: tianocore_2215
> >>
> >> I'm neutral on whether this becomes part of edk2-stable202008.
> >>
> >> Cc: Jian J Wang <jian.j.wang@intel.com>
> >> Cc: Jiewen Yao <jiewen.yao@intel.com>
> >> Cc: Min Xu <min.m.xu@intel.com>
> >> Cc: Wenyi Xie <xiewenyi2@huawei.com>
> >>
> >> Thanks,
> >> Laszlo
> >>
> >> Laszlo Ersek (3):
> >>   SecurityPkg/DxeImageVerificationLib: extract SecDataDirEnd,
> >>     SecDataDirLeft
> >>   SecurityPkg/DxeImageVerificationLib: assign WinCertificate after size
> >>     check
> >>   SecurityPkg/DxeImageVerificationLib: catch alignment overflow
> >>     (CVE-2019-14562)
> >>
> >>  SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 16
> >> ++++++++++++----
> >>  1 file changed, 12 insertions(+), 4 deletions(-)
> >>
> >> --
> >> 2.19.1.3.g30247aa5d201
> >>
> >>
> >>
> >
> >
> >
> >
> 
> 
> 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#64946): https://edk2.groups.io/g/devel/message/64946
Mute This Topic: https://groups.io/mt/76552538/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib: catch alignment overflow (CVE-2019-14562)
Posted by Laszlo Ersek 3 years, 7 months ago 
On 09/02/20 08:41, Yao, Jiewen wrote:
> Yes. I recommend to merge to stable202008.

Merged in commit range 751355992635..0b143fa43e92, via
<https://github.com/tianocore/edk2/pull/911>.

Thanks!
Laszlo

> 
>> -----Original Message-----
>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Laszlo Ersek
>> Sent: Wednesday, September 2, 2020 2:35 PM
>> To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>
>> Cc: Wang, Jian J <jian.j.wang@intel.com>; Xu, Min M <min.m.xu@intel.com>;
>> Wenyi Xie <xiewenyi2@huawei.com>; Philippe Mathieu-Daudé
>> <philmd@redhat.com>; Liming Gao (Byosoft address)
>> <gaoliming@byosoft.com.cn>
>> Subject: Re: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib:
>> catch alignment overflow (CVE-2019-14562)
>>
>> (+Liming, +Phil)
>>
>> On 09/02/20 06:02, Yao, Jiewen wrote:
>>> The series (1~3) is reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
>>
>> Thank you Everyone for the reviews and testing.
>>
>> Jiewen: do you think we should merge this series into the master branch
>> before edk2-stable202008? I think it qualifies (it is a CVE fix), but I
>> would like *you* to decide about it.
>>
>> Thanks
>> Laszlo
>>
>>>
>>> Thank you
>>> Yao Jiewen
>>>
>>>> -----Original Message-----
>>>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Laszlo
>> Ersek
>>>> Sent: Tuesday, September 1, 2020 5:12 PM
>>>> To: edk2-devel-groups-io <devel@edk2.groups.io>
>>>> Cc: Wang, Jian J <jian.j.wang@intel.com>; Yao, Jiewen
>> <jiewen.yao@intel.com>;
>>>> Xu, Min M <min.m.xu@intel.com>; Wenyi Xie <xiewenyi2@huawei.com>
>>>> Subject: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib:
>> catch
>>>> alignment overflow (CVE-2019-14562)
>>>>
>>>> Ref:    https://bugzilla.tianocore.org/show_bug.cgi?id=2215
>>>> Repo:   https://pagure.io/lersek/edk2.git
>>>> Branch: tianocore_2215
>>>>
>>>> I'm neutral on whether this becomes part of edk2-stable202008.
>>>>
>>>> Cc: Jian J Wang <jian.j.wang@intel.com>
>>>> Cc: Jiewen Yao <jiewen.yao@intel.com>
>>>> Cc: Min Xu <min.m.xu@intel.com>
>>>> Cc: Wenyi Xie <xiewenyi2@huawei.com>
>>>>
>>>> Thanks,
>>>> Laszlo
>>>>
>>>> Laszlo Ersek (3):
>>>>   SecurityPkg/DxeImageVerificationLib: extract SecDataDirEnd,
>>>>     SecDataDirLeft
>>>>   SecurityPkg/DxeImageVerificationLib: assign WinCertificate after size
>>>>     check
>>>>   SecurityPkg/DxeImageVerificationLib: catch alignment overflow
>>>>     (CVE-2019-14562)
>>>>
>>>>  SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 16
>>>> ++++++++++++----
>>>>  1 file changed, 12 insertions(+), 4 deletions(-)
>>>>
>>>> --
>>>> 2.19.1.3.g30247aa5d201
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>>
>>
>>
>>
> 
> 
> 
> 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#64971): https://edk2.groups.io/g/devel/message/64971
Mute This Topic: https://groups.io/mt/76552538/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib: catch alignment overflow (CVE-2019-14562)
Posted by Laszlo Ersek 3 years, 7 months ago 
On 09/02/20 08:41, Yao, Jiewen wrote:
> Yes. I recommend to merge to stable202008.

Thank you, I will do that soon.
Laszlo

> 
> 
>> -----Original Message-----
>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Laszlo Ersek
>> Sent: Wednesday, September 2, 2020 2:35 PM
>> To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>
>> Cc: Wang, Jian J <jian.j.wang@intel.com>; Xu, Min M <min.m.xu@intel.com>;
>> Wenyi Xie <xiewenyi2@huawei.com>; Philippe Mathieu-Daudé
>> <philmd@redhat.com>; Liming Gao (Byosoft address)
>> <gaoliming@byosoft.com.cn>
>> Subject: Re: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib:
>> catch alignment overflow (CVE-2019-14562)
>>
>> (+Liming, +Phil)
>>
>> On 09/02/20 06:02, Yao, Jiewen wrote:
>>> The series (1~3) is reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
>>
>> Thank you Everyone for the reviews and testing.
>>
>> Jiewen: do you think we should merge this series into the master branch
>> before edk2-stable202008? I think it qualifies (it is a CVE fix), but I
>> would like *you* to decide about it.
>>
>> Thanks
>> Laszlo
>>
>>>
>>> Thank you
>>> Yao Jiewen
>>>
>>>> -----Original Message-----
>>>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Laszlo
>> Ersek
>>>> Sent: Tuesday, September 1, 2020 5:12 PM
>>>> To: edk2-devel-groups-io <devel@edk2.groups.io>
>>>> Cc: Wang, Jian J <jian.j.wang@intel.com>; Yao, Jiewen
>> <jiewen.yao@intel.com>;
>>>> Xu, Min M <min.m.xu@intel.com>; Wenyi Xie <xiewenyi2@huawei.com>
>>>> Subject: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib:
>> catch
>>>> alignment overflow (CVE-2019-14562)
>>>>
>>>> Ref:    https://bugzilla.tianocore.org/show_bug.cgi?id=2215
>>>> Repo:   https://pagure.io/lersek/edk2.git
>>>> Branch: tianocore_2215
>>>>
>>>> I'm neutral on whether this becomes part of edk2-stable202008.
>>>>
>>>> Cc: Jian J Wang <jian.j.wang@intel.com>
>>>> Cc: Jiewen Yao <jiewen.yao@intel.com>
>>>> Cc: Min Xu <min.m.xu@intel.com>
>>>> Cc: Wenyi Xie <xiewenyi2@huawei.com>
>>>>
>>>> Thanks,
>>>> Laszlo
>>>>
>>>> Laszlo Ersek (3):
>>>>   SecurityPkg/DxeImageVerificationLib: extract SecDataDirEnd,
>>>>     SecDataDirLeft
>>>>   SecurityPkg/DxeImageVerificationLib: assign WinCertificate after size
>>>>     check
>>>>   SecurityPkg/DxeImageVerificationLib: catch alignment overflow
>>>>     (CVE-2019-14562)
>>>>
>>>>  SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 16
>>>> ++++++++++++----
>>>>  1 file changed, 12 insertions(+), 4 deletions(-)
>>>>
>>>> --
>>>> 2.19.1.3.g30247aa5d201
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>>
>>
>>
>> 
> 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#64948): https://edk2.groups.io/g/devel/message/64948
Mute This Topic: https://groups.io/mt/76552538/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
回复: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib: catch alignment overflow (CVE-2019-14562)
Posted by gaoliming 3 years, 7 months ago 
Laszlo:
  I am ok to merge it as the security bug fix for this stable tag. 

Thanks
Liming
> -----邮件原件-----
> 发件人: Laszlo Ersek <lersek@redhat.com>
> 发送时间: 2020年9月2日 14:46
> 收件人: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
> 抄送: Wang, Jian J <jian.j.wang@intel.com>; Xu, Min M
> <min.m.xu@intel.com>; Wenyi Xie <xiewenyi2@huawei.com>; Philippe
> Mathieu-Daudé <philmd@redhat.com>; Liming Gao (Byosoft address)
> <gaoliming@byosoft.com.cn>
> 主题: Re: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib:
> catch alignment overflow (CVE-2019-14562)
> 
> On 09/02/20 08:41, Yao, Jiewen wrote:
> > Yes. I recommend to merge to stable202008.
> 
> Thank you, I will do that soon.
> Laszlo
> 
> >
> >
> >> -----Original Message-----
> >> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Laszlo
> Ersek
> >> Sent: Wednesday, September 2, 2020 2:35 PM
> >> To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>
> >> Cc: Wang, Jian J <jian.j.wang@intel.com>; Xu, Min M
> <min.m.xu@intel.com>;
> >> Wenyi Xie <xiewenyi2@huawei.com>; Philippe Mathieu-Daudé
> >> <philmd@redhat.com>; Liming Gao (Byosoft address)
> >> <gaoliming@byosoft.com.cn>
> >> Subject: Re: [edk2-devel] [PATCH 0/3]
> SecurityPkg/DxeImageVerificationLib:
> >> catch alignment overflow (CVE-2019-14562)
> >>
> >> (+Liming, +Phil)
> >>
> >> On 09/02/20 06:02, Yao, Jiewen wrote:
> >>> The series (1~3) is reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
> >>
> >> Thank you Everyone for the reviews and testing.
> >>
> >> Jiewen: do you think we should merge this series into the master branch
> >> before edk2-stable202008? I think it qualifies (it is a CVE fix), but I
> >> would like *you* to decide about it.
> >>
> >> Thanks
> >> Laszlo
> >>
> >>>
> >>> Thank you
> >>> Yao Jiewen
> >>>
> >>>> -----Original Message-----
> >>>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
> Laszlo
> >> Ersek
> >>>> Sent: Tuesday, September 1, 2020 5:12 PM
> >>>> To: edk2-devel-groups-io <devel@edk2.groups.io>
> >>>> Cc: Wang, Jian J <jian.j.wang@intel.com>; Yao, Jiewen
> >> <jiewen.yao@intel.com>;
> >>>> Xu, Min M <min.m.xu@intel.com>; Wenyi Xie
> <xiewenyi2@huawei.com>
> >>>> Subject: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib:
> >> catch
> >>>> alignment overflow (CVE-2019-14562)
> >>>>
> >>>> Ref:    https://bugzilla.tianocore.org/show_bug.cgi?id=2215
> >>>> Repo:   https://pagure.io/lersek/edk2.git
> >>>> Branch: tianocore_2215
> >>>>
> >>>> I'm neutral on whether this becomes part of edk2-stable202008.
> >>>>
> >>>> Cc: Jian J Wang <jian.j.wang@intel.com>
> >>>> Cc: Jiewen Yao <jiewen.yao@intel.com>
> >>>> Cc: Min Xu <min.m.xu@intel.com>
> >>>> Cc: Wenyi Xie <xiewenyi2@huawei.com>
> >>>>
> >>>> Thanks,
> >>>> Laszlo
> >>>>
> >>>> Laszlo Ersek (3):
> >>>>   SecurityPkg/DxeImageVerificationLib: extract SecDataDirEnd,
> >>>>     SecDataDirLeft
> >>>>   SecurityPkg/DxeImageVerificationLib: assign WinCertificate after size
> >>>>     check
> >>>>   SecurityPkg/DxeImageVerificationLib: catch alignment overflow
> >>>>     (CVE-2019-14562)
> >>>>
> >>>>
> SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 16
> >>>> ++++++++++++----
> >>>>  1 file changed, 12 insertions(+), 4 deletions(-)
> >>>>
> >>>> --
> >>>> 2.19.1.3.g30247aa5d201
> >>>>
> >>>>
> >>>>
> >>>
> >>>
> >>>
> >>>
> >>
> >>
> >> 
> >




-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#64965): https://edk2.groups.io/g/devel/message/64965
Mute This Topic: https://groups.io/mt/76578406/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Patchew 2.1-devel-0870f84

© 2016 - 2024 Red Hat, Inc.