From: "Liming Gao"
To: "devel@edk2.groups.io", "Wang, Jian J", "Yao, Jiewen", "Zhang, Chao B"
Subject: Re: [edk2-devel] [PATCH 0/9] Fix false negative issue in DxeImageVerificationHandler
Date: Thu, 13 Feb 2020 01:53:05 +0000

Jian, Jiewen and Chao:
  Does this patch catch the edk2 Q1 stable tag? If yes, can this patch be reviewed this week, because the Q1 stable tag soft feature freeze is 2020-02-14?

Thanks
Liming
> -----Original Message-----
> From: devel@edk2.groups.io On Behalf Of Wang, Jian J
> Sent: Thursday, February 6, 2020 10:19 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen ; Zhang, Chao B
> Subject: [edk2-devel] [PATCH 0/9] Fix false negative issue in DxeImageVerificationHandler
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608
>
> Patch branch: https://github.com/jwang36/edk2/tree/fix-bz1608-bypass-blacklist-check-via-signature
>
> Cc: Jiewen Yao
> Cc: Chao Zhang
>
> Jian J Wang (8):
>   SecurityPkg/DxeImageVerificationLib: Fix memory leaks(CVE-2019-14575)
>   SecurityPkg/DxeImageVerificationLib: reject CertStack.CertNumber==0
>     per DBX(CVE-2019-14575)
>   SecurityPkg/DxeImageVerificationLib: fix wrong fetching dbx in
>     IsAllowedByDb(CVE-2019-14575)
>   SecurityPkg/DxeImageVerificationLib: avoid bypass in fetching dbx in
>     IsAllowedByDb(CVE-2019-14575)
>   SecurityPkg/DxeImageVerificationLib: refactor db/dbx fetching code in
>     IsAllowedByDb(CVE-2019-14575)
>   SecurityPkg/DxeImageVerificationLib: Differentiate error and search
>     result in IsCertHashFoundInDatabase(CVE-2019-14575)
>   SecurityPkg/DxeImageVerificationLib: tighten default result of
>     IsForbiddenByDbx()(CVE-2019-14575)
>   SecurityPkg/DxeImageVerificationLib: Differentiate error and search
>     result in IsSignatureFoundInDatabase(CVE-2019-14575)
>
> Laszlo Ersek (1):
>   SecurityPkg/DxeImageVerificationLib: plug Data leak in
>     IsForbiddenByDbx()(CVE-2019-14575)
>
>  .../DxeImageVerificationLib.c | 283 ++++++++++++------
>  1 file changed, 191 insertions(+), 92 deletions(-)
>
> --
> 2.24.0.windows.2