Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2215 Repo: https://pagure.io/lersek/edk2.git Branch: tianocore_2215 I'm neutral on whether this becomes part of edk2-stable202008. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Min Xu <min.m.xu@intel.com> Cc: Wenyi Xie <xiewenyi2@huawei.com> Thanks, Laszlo Laszlo Ersek (3): SecurityPkg/DxeImageVerificationLib: extract SecDataDirEnd, SecDataDirLeft SecurityPkg/DxeImageVerificationLib: assign WinCertificate after size check SecurityPkg/DxeImageVerificationLib: catch alignment overflow (CVE-2019-14562) SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) -- 2.19.1.3.g30247aa5d201 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#64882): https://edk2.groups.io/g/devel/message/64882 Mute This Topic: https://groups.io/mt/76552538/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
The series (1~3) is reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Thank you Yao Jiewen > -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Laszlo Ersek > Sent: Tuesday, September 1, 2020 5:12 PM > To: edk2-devel-groups-io <devel@edk2.groups.io> > Cc: Wang, Jian J <jian.j.wang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; > Xu, Min M <min.m.xu@intel.com>; Wenyi Xie <xiewenyi2@huawei.com> > Subject: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib: catch > alignment overflow (CVE-2019-14562) > > Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2215 > Repo: https://pagure.io/lersek/edk2.git > Branch: tianocore_2215 > > I'm neutral on whether this becomes part of edk2-stable202008. > > Cc: Jian J Wang <jian.j.wang@intel.com> > Cc: Jiewen Yao <jiewen.yao@intel.com> > Cc: Min Xu <min.m.xu@intel.com> > Cc: Wenyi Xie <xiewenyi2@huawei.com> > > Thanks, > Laszlo > > Laszlo Ersek (3): > SecurityPkg/DxeImageVerificationLib: extract SecDataDirEnd, > SecDataDirLeft > SecurityPkg/DxeImageVerificationLib: assign WinCertificate after size > check > SecurityPkg/DxeImageVerificationLib: catch alignment overflow > (CVE-2019-14562) > > SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 16 > ++++++++++++---- > 1 file changed, 12 insertions(+), 4 deletions(-) > > -- > 2.19.1.3.g30247aa5d201 > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#64936): https://edk2.groups.io/g/devel/message/64936 Mute This Topic: https://groups.io/mt/76552538/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
(+Liming, +Phil) On 09/02/20 06:02, Yao, Jiewen wrote: > The series (1~3) is reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Thank you Everyone for the reviews and testing. Jiewen: do you think we should merge this series into the master branch before edk2-stable202008? I think it qualifies (it is a CVE fix), but I would like *you* to decide about it. Thanks Laszlo > > Thank you > Yao Jiewen > >> -----Original Message----- >> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Laszlo Ersek >> Sent: Tuesday, September 1, 2020 5:12 PM >> To: edk2-devel-groups-io <devel@edk2.groups.io> >> Cc: Wang, Jian J <jian.j.wang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; >> Xu, Min M <min.m.xu@intel.com>; Wenyi Xie <xiewenyi2@huawei.com> >> Subject: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib: catch >> alignment overflow (CVE-2019-14562) >> >> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2215 >> Repo: https://pagure.io/lersek/edk2.git >> Branch: tianocore_2215 >> >> I'm neutral on whether this becomes part of edk2-stable202008. >> >> Cc: Jian J Wang <jian.j.wang@intel.com> >> Cc: Jiewen Yao <jiewen.yao@intel.com> >> Cc: Min Xu <min.m.xu@intel.com> >> Cc: Wenyi Xie <xiewenyi2@huawei.com> >> >> Thanks, >> Laszlo >> >> Laszlo Ersek (3): >> SecurityPkg/DxeImageVerificationLib: extract SecDataDirEnd, >> SecDataDirLeft >> SecurityPkg/DxeImageVerificationLib: assign WinCertificate after size >> check >> SecurityPkg/DxeImageVerificationLib: catch alignment overflow >> (CVE-2019-14562) >> >> SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 16 >> ++++++++++++---- >> 1 file changed, 12 insertions(+), 4 deletions(-) >> >> -- >> 2.19.1.3.g30247aa5d201 >> >> >> > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#64940): https://edk2.groups.io/g/devel/message/64940 Mute This Topic: https://groups.io/mt/76552538/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
Yes. I recommend to merge to stable202008. > -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Laszlo Ersek > Sent: Wednesday, September 2, 2020 2:35 PM > To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com> > Cc: Wang, Jian J <jian.j.wang@intel.com>; Xu, Min M <min.m.xu@intel.com>; > Wenyi Xie <xiewenyi2@huawei.com>; Philippe Mathieu-Daudé > <philmd@redhat.com>; Liming Gao (Byosoft address) > <gaoliming@byosoft.com.cn> > Subject: Re: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib: > catch alignment overflow (CVE-2019-14562) > > (+Liming, +Phil) > > On 09/02/20 06:02, Yao, Jiewen wrote: > > The series (1~3) is reviewed-by: Jiewen Yao <jiewen.yao@intel.com> > > Thank you Everyone for the reviews and testing. > > Jiewen: do you think we should merge this series into the master branch > before edk2-stable202008? I think it qualifies (it is a CVE fix), but I > would like *you* to decide about it. > > Thanks > Laszlo > > > > > Thank you > > Yao Jiewen > > > >> -----Original Message----- > >> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Laszlo > Ersek > >> Sent: Tuesday, September 1, 2020 5:12 PM > >> To: edk2-devel-groups-io <devel@edk2.groups.io> > >> Cc: Wang, Jian J <jian.j.wang@intel.com>; Yao, Jiewen > <jiewen.yao@intel.com>; > >> Xu, Min M <min.m.xu@intel.com>; Wenyi Xie <xiewenyi2@huawei.com> > >> Subject: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib: > catch > >> alignment overflow (CVE-2019-14562) > >> > >> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2215 > >> Repo: https://pagure.io/lersek/edk2.git > >> Branch: tianocore_2215 > >> > >> I'm neutral on whether this becomes part of edk2-stable202008. > >> > >> Cc: Jian J Wang <jian.j.wang@intel.com> > >> Cc: Jiewen Yao <jiewen.yao@intel.com> > >> Cc: Min Xu <min.m.xu@intel.com> > >> Cc: Wenyi Xie <xiewenyi2@huawei.com> > >> > >> Thanks, > >> Laszlo > >> > >> Laszlo Ersek (3): > >> SecurityPkg/DxeImageVerificationLib: extract SecDataDirEnd, > >> SecDataDirLeft > >> SecurityPkg/DxeImageVerificationLib: assign WinCertificate after size > >> check > >> SecurityPkg/DxeImageVerificationLib: catch alignment overflow > >> (CVE-2019-14562) > >> > >> SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 16 > >> ++++++++++++---- > >> 1 file changed, 12 insertions(+), 4 deletions(-) > >> > >> -- > >> 2.19.1.3.g30247aa5d201 > >> > >> > >> > > > > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#64946): https://edk2.groups.io/g/devel/message/64946 Mute This Topic: https://groups.io/mt/76552538/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
On 09/02/20 08:41, Yao, Jiewen wrote: > Yes. I recommend to merge to stable202008. Merged in commit range 751355992635..0b143fa43e92, via <https://github.com/tianocore/edk2/pull/911>. Thanks! Laszlo > >> -----Original Message----- >> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Laszlo Ersek >> Sent: Wednesday, September 2, 2020 2:35 PM >> To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com> >> Cc: Wang, Jian J <jian.j.wang@intel.com>; Xu, Min M <min.m.xu@intel.com>; >> Wenyi Xie <xiewenyi2@huawei.com>; Philippe Mathieu-Daudé >> <philmd@redhat.com>; Liming Gao (Byosoft address) >> <gaoliming@byosoft.com.cn> >> Subject: Re: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib: >> catch alignment overflow (CVE-2019-14562) >> >> (+Liming, +Phil) >> >> On 09/02/20 06:02, Yao, Jiewen wrote: >>> The series (1~3) is reviewed-by: Jiewen Yao <jiewen.yao@intel.com> >> >> Thank you Everyone for the reviews and testing. >> >> Jiewen: do you think we should merge this series into the master branch >> before edk2-stable202008? I think it qualifies (it is a CVE fix), but I >> would like *you* to decide about it. >> >> Thanks >> Laszlo >> >>> >>> Thank you >>> Yao Jiewen >>> >>>> -----Original Message----- >>>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Laszlo >> Ersek >>>> Sent: Tuesday, September 1, 2020 5:12 PM >>>> To: edk2-devel-groups-io <devel@edk2.groups.io> >>>> Cc: Wang, Jian J <jian.j.wang@intel.com>; Yao, Jiewen >> <jiewen.yao@intel.com>; >>>> Xu, Min M <min.m.xu@intel.com>; Wenyi Xie <xiewenyi2@huawei.com> >>>> Subject: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib: >> catch >>>> alignment overflow (CVE-2019-14562) >>>> >>>> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2215 >>>> Repo: https://pagure.io/lersek/edk2.git >>>> Branch: tianocore_2215 >>>> >>>> I'm neutral on whether this becomes part of edk2-stable202008. >>>> >>>> Cc: Jian J Wang <jian.j.wang@intel.com> >>>> Cc: Jiewen Yao <jiewen.yao@intel.com> >>>> Cc: Min Xu <min.m.xu@intel.com> >>>> Cc: Wenyi Xie <xiewenyi2@huawei.com> >>>> >>>> Thanks, >>>> Laszlo >>>> >>>> Laszlo Ersek (3): >>>> SecurityPkg/DxeImageVerificationLib: extract SecDataDirEnd, >>>> SecDataDirLeft >>>> SecurityPkg/DxeImageVerificationLib: assign WinCertificate after size >>>> check >>>> SecurityPkg/DxeImageVerificationLib: catch alignment overflow >>>> (CVE-2019-14562) >>>> >>>> SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 16 >>>> ++++++++++++---- >>>> 1 file changed, 12 insertions(+), 4 deletions(-) >>>> >>>> -- >>>> 2.19.1.3.g30247aa5d201 >>>> >>>> >>>> >>> >>> >>> >>> >> >> >> > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#64971): https://edk2.groups.io/g/devel/message/64971 Mute This Topic: https://groups.io/mt/76552538/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
On 09/02/20 08:41, Yao, Jiewen wrote: > Yes. I recommend to merge to stable202008. Thank you, I will do that soon. Laszlo > > >> -----Original Message----- >> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Laszlo Ersek >> Sent: Wednesday, September 2, 2020 2:35 PM >> To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com> >> Cc: Wang, Jian J <jian.j.wang@intel.com>; Xu, Min M <min.m.xu@intel.com>; >> Wenyi Xie <xiewenyi2@huawei.com>; Philippe Mathieu-Daudé >> <philmd@redhat.com>; Liming Gao (Byosoft address) >> <gaoliming@byosoft.com.cn> >> Subject: Re: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib: >> catch alignment overflow (CVE-2019-14562) >> >> (+Liming, +Phil) >> >> On 09/02/20 06:02, Yao, Jiewen wrote: >>> The series (1~3) is reviewed-by: Jiewen Yao <jiewen.yao@intel.com> >> >> Thank you Everyone for the reviews and testing. >> >> Jiewen: do you think we should merge this series into the master branch >> before edk2-stable202008? I think it qualifies (it is a CVE fix), but I >> would like *you* to decide about it. >> >> Thanks >> Laszlo >> >>> >>> Thank you >>> Yao Jiewen >>> >>>> -----Original Message----- >>>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Laszlo >> Ersek >>>> Sent: Tuesday, September 1, 2020 5:12 PM >>>> To: edk2-devel-groups-io <devel@edk2.groups.io> >>>> Cc: Wang, Jian J <jian.j.wang@intel.com>; Yao, Jiewen >> <jiewen.yao@intel.com>; >>>> Xu, Min M <min.m.xu@intel.com>; Wenyi Xie <xiewenyi2@huawei.com> >>>> Subject: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib: >> catch >>>> alignment overflow (CVE-2019-14562) >>>> >>>> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2215 >>>> Repo: https://pagure.io/lersek/edk2.git >>>> Branch: tianocore_2215 >>>> >>>> I'm neutral on whether this becomes part of edk2-stable202008. >>>> >>>> Cc: Jian J Wang <jian.j.wang@intel.com> >>>> Cc: Jiewen Yao <jiewen.yao@intel.com> >>>> Cc: Min Xu <min.m.xu@intel.com> >>>> Cc: Wenyi Xie <xiewenyi2@huawei.com> >>>> >>>> Thanks, >>>> Laszlo >>>> >>>> Laszlo Ersek (3): >>>> SecurityPkg/DxeImageVerificationLib: extract SecDataDirEnd, >>>> SecDataDirLeft >>>> SecurityPkg/DxeImageVerificationLib: assign WinCertificate after size >>>> check >>>> SecurityPkg/DxeImageVerificationLib: catch alignment overflow >>>> (CVE-2019-14562) >>>> >>>> SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 16 >>>> ++++++++++++---- >>>> 1 file changed, 12 insertions(+), 4 deletions(-) >>>> >>>> -- >>>> 2.19.1.3.g30247aa5d201 >>>> >>>> >>>> >>> >>> >>> >>> >> >> >> > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#64948): https://edk2.groups.io/g/devel/message/64948 Mute This Topic: https://groups.io/mt/76552538/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
Laszlo: I am ok to merge it as the security bug fix for this stable tag. Thanks Liming > -----邮件原件----- > 发件人: Laszlo Ersek <lersek@redhat.com> > 发送时间: 2020年9月2日 14:46 > 收件人: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io > 抄送: Wang, Jian J <jian.j.wang@intel.com>; Xu, Min M > <min.m.xu@intel.com>; Wenyi Xie <xiewenyi2@huawei.com>; Philippe > Mathieu-Daudé <philmd@redhat.com>; Liming Gao (Byosoft address) > <gaoliming@byosoft.com.cn> > 主题: Re: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib: > catch alignment overflow (CVE-2019-14562) > > On 09/02/20 08:41, Yao, Jiewen wrote: > > Yes. I recommend to merge to stable202008. > > Thank you, I will do that soon. > Laszlo > > > > > > >> -----Original Message----- > >> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Laszlo > Ersek > >> Sent: Wednesday, September 2, 2020 2:35 PM > >> To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com> > >> Cc: Wang, Jian J <jian.j.wang@intel.com>; Xu, Min M > <min.m.xu@intel.com>; > >> Wenyi Xie <xiewenyi2@huawei.com>; Philippe Mathieu-Daudé > >> <philmd@redhat.com>; Liming Gao (Byosoft address) > >> <gaoliming@byosoft.com.cn> > >> Subject: Re: [edk2-devel] [PATCH 0/3] > SecurityPkg/DxeImageVerificationLib: > >> catch alignment overflow (CVE-2019-14562) > >> > >> (+Liming, +Phil) > >> > >> On 09/02/20 06:02, Yao, Jiewen wrote: > >>> The series (1~3) is reviewed-by: Jiewen Yao <jiewen.yao@intel.com> > >> > >> Thank you Everyone for the reviews and testing. > >> > >> Jiewen: do you think we should merge this series into the master branch > >> before edk2-stable202008? I think it qualifies (it is a CVE fix), but I > >> would like *you* to decide about it. > >> > >> Thanks > >> Laszlo > >> > >>> > >>> Thank you > >>> Yao Jiewen > >>> > >>>> -----Original Message----- > >>>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of > Laszlo > >> Ersek > >>>> Sent: Tuesday, September 1, 2020 5:12 PM > >>>> To: edk2-devel-groups-io <devel@edk2.groups.io> > >>>> Cc: Wang, Jian J <jian.j.wang@intel.com>; Yao, Jiewen > >> <jiewen.yao@intel.com>; > >>>> Xu, Min M <min.m.xu@intel.com>; Wenyi Xie > <xiewenyi2@huawei.com> > >>>> Subject: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib: > >> catch > >>>> alignment overflow (CVE-2019-14562) > >>>> > >>>> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2215 > >>>> Repo: https://pagure.io/lersek/edk2.git > >>>> Branch: tianocore_2215 > >>>> > >>>> I'm neutral on whether this becomes part of edk2-stable202008. > >>>> > >>>> Cc: Jian J Wang <jian.j.wang@intel.com> > >>>> Cc: Jiewen Yao <jiewen.yao@intel.com> > >>>> Cc: Min Xu <min.m.xu@intel.com> > >>>> Cc: Wenyi Xie <xiewenyi2@huawei.com> > >>>> > >>>> Thanks, > >>>> Laszlo > >>>> > >>>> Laszlo Ersek (3): > >>>> SecurityPkg/DxeImageVerificationLib: extract SecDataDirEnd, > >>>> SecDataDirLeft > >>>> SecurityPkg/DxeImageVerificationLib: assign WinCertificate after size > >>>> check > >>>> SecurityPkg/DxeImageVerificationLib: catch alignment overflow > >>>> (CVE-2019-14562) > >>>> > >>>> > SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 16 > >>>> ++++++++++++---- > >>>> 1 file changed, 12 insertions(+), 4 deletions(-) > >>>> > >>>> -- > >>>> 2.19.1.3.g30247aa5d201 > >>>> > >>>> > >>>> > >>> > >>> > >>> > >>> > >> > >> > >> > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#64965): https://edk2.groups.io/g/devel/message/64965 Mute This Topic: https://groups.io/mt/76578406/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
© 2016 - 2024 Red Hat, Inc.