From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.24; helo=mga09.intel.com; envelope-from=ray.ni@intel.com; receiver=edk2-devel@lists.01.org Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 3D140211D6723 for ; Thu, 7 Mar 2019 18:32:26 -0800 (PST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Mar 2019 18:32:26 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.58,454,1544515200"; d="scan'208";a="140138294" Received: from ray-dev.ccr.corp.intel.com ([10.239.9.36]) by orsmga002.jf.intel.com with ESMTP; 07 Mar 2019 18:32:25 -0800 From: Ray Ni To: edk2-devel@lists.01.org Date: Fri, 8 Mar 2019 10:35:12 +0800 Message-Id: <20190308023514.103228-1-ray.ni@intel.com> X-Mailer: git-send-email 2.20.1.windows.1 MIME-Version: 1.0 Subject: [PATCH v2 0/2] Fix bugs in HiiDatabase driver X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Mar 2019 02:32:27 -0000 Content-Transfer-Encoding: 8bit v2: put the CVE number in patch title. Ray Ni (2): MdeModulePkg/HiiDatabase: Fix potential integer overflow (CVE-2018-12181) MdeModulePkg/HiiImage: Fix stack overflow when corrupted BMP is parsed (CVE-2018-12181) MdeModulePkg/Universal/HiiDatabaseDxe/Image.c | 130 ++++++++++++++---- 1 file changed, 105 insertions(+), 25 deletions(-) -- 2.20.1.windows.1