From: "gaoliming" <gaoliming@byosoft.com.cn>
To: "'Laszlo Ersek'" <lersek@redhat.com>,
"'Yao, Jiewen'" <jiewen.yao@intel.com>, <devel@edk2.groups.io>
Cc: "'Wang, Jian J'" <jian.j.wang@intel.com>,
"'Xu, Min M'" <min.m.xu@intel.com>,
"'Wenyi Xie'" <xiewenyi2@huawei.com>,
"'Philippe Mathieu-Daudé'" <philmd@redhat.com>
Subject: 回复: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib: catch alignment overflow (CVE-2019-14562)
Date: Wed, 2 Sep 2020 16:58:15 +0800 [thread overview]
Message-ID: <003001d68107$3278a590$9769f0b0$@byosoft.com.cn> (raw)
In-Reply-To: <0b673874-d7fd-15af-6e98-3790ed6742dc@redhat.com>
Laszlo:
I am ok to merge it as the security bug fix for this stable tag.
Thanks
Liming
> -----邮件原件-----
> 发件人: Laszlo Ersek <lersek@redhat.com>
> 发送时间: 2020年9月2日 14:46
> 收件人: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
> 抄送: Wang, Jian J <jian.j.wang@intel.com>; Xu, Min M
> <min.m.xu@intel.com>; Wenyi Xie <xiewenyi2@huawei.com>; Philippe
> Mathieu-Daudé <philmd@redhat.com>; Liming Gao (Byosoft address)
> <gaoliming@byosoft.com.cn>
> 主题: Re: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib:
> catch alignment overflow (CVE-2019-14562)
>
> On 09/02/20 08:41, Yao, Jiewen wrote:
> > Yes. I recommend to merge to stable202008.
>
> Thank you, I will do that soon.
> Laszlo
>
> >
> >
> >> -----Original Message-----
> >> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Laszlo
> Ersek
> >> Sent: Wednesday, September 2, 2020 2:35 PM
> >> To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>
> >> Cc: Wang, Jian J <jian.j.wang@intel.com>; Xu, Min M
> <min.m.xu@intel.com>;
> >> Wenyi Xie <xiewenyi2@huawei.com>; Philippe Mathieu-Daudé
> >> <philmd@redhat.com>; Liming Gao (Byosoft address)
> >> <gaoliming@byosoft.com.cn>
> >> Subject: Re: [edk2-devel] [PATCH 0/3]
> SecurityPkg/DxeImageVerificationLib:
> >> catch alignment overflow (CVE-2019-14562)
> >>
> >> (+Liming, +Phil)
> >>
> >> On 09/02/20 06:02, Yao, Jiewen wrote:
> >>> The series (1~3) is reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
> >>
> >> Thank you Everyone for the reviews and testing.
> >>
> >> Jiewen: do you think we should merge this series into the master branch
> >> before edk2-stable202008? I think it qualifies (it is a CVE fix), but I
> >> would like *you* to decide about it.
> >>
> >> Thanks
> >> Laszlo
> >>
> >>>
> >>> Thank you
> >>> Yao Jiewen
> >>>
> >>>> -----Original Message-----
> >>>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
> Laszlo
> >> Ersek
> >>>> Sent: Tuesday, September 1, 2020 5:12 PM
> >>>> To: edk2-devel-groups-io <devel@edk2.groups.io>
> >>>> Cc: Wang, Jian J <jian.j.wang@intel.com>; Yao, Jiewen
> >> <jiewen.yao@intel.com>;
> >>>> Xu, Min M <min.m.xu@intel.com>; Wenyi Xie
> <xiewenyi2@huawei.com>
> >>>> Subject: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib:
> >> catch
> >>>> alignment overflow (CVE-2019-14562)
> >>>>
> >>>> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2215
> >>>> Repo: https://pagure.io/lersek/edk2.git
> >>>> Branch: tianocore_2215
> >>>>
> >>>> I'm neutral on whether this becomes part of edk2-stable202008.
> >>>>
> >>>> Cc: Jian J Wang <jian.j.wang@intel.com>
> >>>> Cc: Jiewen Yao <jiewen.yao@intel.com>
> >>>> Cc: Min Xu <min.m.xu@intel.com>
> >>>> Cc: Wenyi Xie <xiewenyi2@huawei.com>
> >>>>
> >>>> Thanks,
> >>>> Laszlo
> >>>>
> >>>> Laszlo Ersek (3):
> >>>> SecurityPkg/DxeImageVerificationLib: extract SecDataDirEnd,
> >>>> SecDataDirLeft
> >>>> SecurityPkg/DxeImageVerificationLib: assign WinCertificate after size
> >>>> check
> >>>> SecurityPkg/DxeImageVerificationLib: catch alignment overflow
> >>>> (CVE-2019-14562)
> >>>>
> >>>>
> SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 16
> >>>> ++++++++++++----
> >>>> 1 file changed, 12 insertions(+), 4 deletions(-)
> >>>>
> >>>> --
> >>>> 2.19.1.3.g30247aa5d201
> >>>>
> >>>>
> >>>>
> >>>
> >>>
> >>>
> >>>
> >>
> >>
> >>
> >
next prev parent reply other threads:[~2020-09-02 8:58 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-01 9:12 [PATCH 0/3] SecurityPkg/DxeImageVerificationLib: catch alignment overflow (CVE-2019-14562) Laszlo Ersek
2020-09-01 9:12 ` [PATCH 1/3] SecurityPkg/DxeImageVerificationLib: extract SecDataDirEnd, SecDataDirLeft Laszlo Ersek
2020-09-01 15:37 ` [edk2-devel] " Philippe Mathieu-Daudé
2020-09-02 1:31 ` wenyi,xie
2020-09-02 1:55 ` Xu, Min M
2020-09-01 9:12 ` [PATCH 2/3] SecurityPkg/DxeImageVerificationLib: assign WinCertificate after size check Laszlo Ersek
2020-09-01 15:40 ` [edk2-devel] " Philippe Mathieu-Daudé
2020-09-02 1:32 ` wenyi,xie
2020-09-02 2:19 ` Xu, Min M
2020-09-01 9:12 ` [PATCH 3/3] SecurityPkg/DxeImageVerificationLib: catch alignment overflow (CVE-2019-14562) Laszlo Ersek
2020-09-01 15:53 ` [edk2-devel] " Philippe Mathieu-Daudé
2020-09-01 16:52 ` Laszlo Ersek
2020-09-02 1:32 ` wenyi,xie
2020-09-02 2:34 ` Xu, Min M
2020-09-02 4:02 ` [edk2-devel] [PATCH 0/3] " Yao, Jiewen
2020-09-02 6:35 ` Laszlo Ersek
2020-09-02 6:41 ` Yao, Jiewen
2020-09-02 6:46 ` Laszlo Ersek
2020-09-02 8:58 ` gaoliming [this message]
2020-09-02 10:33 ` Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='003001d68107$3278a590$9769f0b0$@byosoft.com.cn' \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox