From: "gaoliming"
To: 'Laszlo Ersek', 'Yao, Jiewen'
Cc: 'Wang, Jian J', 'Xu, Min M', 'Wenyi Xie', 'Philippe Mathieu-Daudé'
Subject: Re: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib: catch alignment overflow (CVE-2019-14562)
Date: Wed, 2 Sep 2020 16:58:15 +0800
Message-ID: <003001d68107$3278a590$9769f0b0$@byosoft.com.cn>
References: <20200901091221.20948-1-lersek@redhat.com> <0b673874-d7fd-15af-6e98-3790ed6742dc@redhat.com>
In-Reply-To: <0b673874-d7fd-15af-6e98-3790ed6742dc@redhat.com>

Laszlo:
  I am ok to merge it as the security bug fix for this stable tag.

Thanks
Liming
> -----Original Message-----
> From: Laszlo Ersek
> Sent: September 2, 2020 14:46
> To: Yao, Jiewen; devel@edk2.groups.io
> Cc: Wang, Jian J; Xu, Min M; Wenyi Xie; Philippe Mathieu-Daudé;
> Liming Gao (Byosoft address)
> Subject: Re: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib:
> catch alignment overflow (CVE-2019-14562)
>
> On 09/02/20 08:41, Yao, Jiewen wrote:
> > Yes. I recommend to merge to stable202008.
>
> Thank you, I will do that soon.
> Laszlo
>
> >
> >> -----Original Message-----
> >> From: devel@edk2.groups.io On Behalf Of Laszlo Ersek
> >> Sent: Wednesday, September 2, 2020 2:35 PM
> >> To: devel@edk2.groups.io; Yao, Jiewen
> >> Cc: Wang, Jian J; Xu, Min M; Wenyi Xie; Philippe Mathieu-Daudé;
> >> Liming Gao (Byosoft address)
> >> Subject: Re: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib:
> >> catch alignment overflow (CVE-2019-14562)
> >>
> >> (+Liming, +Phil)
> >>
> >> On 09/02/20 06:02, Yao, Jiewen wrote:
> >>> The series (1~3) is reviewed-by: Jiewen Yao
> >>
> >> Thank you Everyone for the reviews and testing.
> >>
> >> Jiewen: do you think we should merge this series into the master branch
> >> before edk2-stable202008? I think it qualifies (it is a CVE fix), but I
> >> would like *you* to decide about it.
> >>
> >> Thanks
> >> Laszlo
> >>
> >>>
> >>> Thank you
> >>> Yao Jiewen
> >>>
> >>>> -----Original Message-----
> >>>> From: devel@edk2.groups.io On Behalf Of Laszlo Ersek
> >>>> Sent: Tuesday, September 1, 2020 5:12 PM
> >>>> To: edk2-devel-groups-io
> >>>> Cc: Wang, Jian J; Yao, Jiewen; Xu, Min M; Wenyi Xie
> >>>> Subject: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib:
> >>>> catch alignment overflow (CVE-2019-14562)
> >>>>
> >>>> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2215
> >>>> Repo: https://pagure.io/lersek/edk2.git
> >>>> Branch: tianocore_2215
> >>>>
> >>>> I'm neutral on whether this becomes part of edk2-stable202008.
> >>>>
> >>>> Cc: Jian J Wang
> >>>> Cc: Jiewen Yao
> >>>> Cc: Min Xu
> >>>> Cc: Wenyi Xie
> >>>>
> >>>> Thanks,
> >>>> Laszlo
> >>>>
> >>>> Laszlo Ersek (3):
> >>>>   SecurityPkg/DxeImageVerificationLib: extract SecDataDirEnd,
> >>>>     SecDataDirLeft
> >>>>   SecurityPkg/DxeImageVerificationLib: assign WinCertificate after size
> >>>>     check
> >>>>   SecurityPkg/DxeImageVerificationLib: catch alignment overflow
> >>>>     (CVE-2019-14562)
> >>>>
> >>>>  SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 16 ++++++++++++----
> >>>>  1 file changed, 12 insertions(+), 4 deletions(-)
> >>>>
> >>>> --
> >>>> 2.19.1.3.g30247aa5d201