From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga04.intel.com (mga04.intel.com [192.55.52.120])
 by mx.groups.io with SMTP id smtpd.web11.3343.1581665266656025367
 for <devel@edk2.groups.io>;
 Thu, 13 Feb 2020 23:27:46 -0800
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.120, mailfrom: jian.j.wang@intel.com)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga001.fm.intel.com ([10.253.24.23])
  by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 13 Feb 2020 23:27:46 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.70,439,1574150400"; 
   d="scan'208";a="347904198"
Received: from shwdeopensfp777.ccr.corp.intel.com ([10.239.158.78])
  by fmsmga001.fm.intel.com with ESMTP; 13 Feb 2020 23:27:45 -0800
From: "Wang, Jian J" <jian.j.wang@intel.com>
To: devel@edk2.groups.io
Cc: Jiewen Yao <jiewen.yao@intel.com>,
	Chao Zhang <chao.b.zhang@intel.com>
Subject: [PATCH v2 00/10] Fix false negative issue in DxeImageVerificationHandler
Date: Fri, 14 Feb 2020 15:27:35 +0800
Message-Id: <20200214072745.1570-1-jian.j.wang@intel.com>
X-Mailer: git-send-email 2.24.0.windows.2
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

> v2 changes:=0D
>    - Change IsCertHashFoundInDatabase to IsCertHashFoundInDbx (patch 10)=
=0D
>    - Update result handling to all calling to IsCertHashFoundInDatabase=0D
>      to be consistent (patch 6)=0D
>    - Fix commit message and title length issue caught by PatchCheck tool=
=0D
=0D
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1608=0D
Patch branch: https://github.com/jwang36/edk2/tree/fix-bz1608-bypass-blackl=
ist-check-via-signature-v2=0D
=0D
Cc: Jiewen Yao <jiewen.yao@intel.com>=0D
Cc: Chao Zhang <chao.b.zhang@intel.com>

Jian J Wang (9):
  SecurityPkg/DxeImageVerificationLib: Fix memory leaks(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: reject CertStack.CertNumber=3D=3D0
    per DBX(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: fix wrong fetch dbx in
    IsAllowedByDb(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: avoid bypass in fetching
    dbx(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: refactor db/dbx fetching
    code(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: Differentiate error/search result
    (1)(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: tighten default
    result(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: Differentiate error/search result
    (2)(CVE-2019-14575)
  SecurityPkg/DxeImageVerificationLib: change IsCertHashFoundInDatabase
    name(CVE-2019-14575)

Laszlo Ersek (1):
  SecurityPkg/DxeImageVerificationLib: plug Data leak in
    IsForbiddenByDbx()(CVE-2019-14575)

 .../DxeImageVerificationLib.c                 | 291 ++++++++++++------
 1 file changed, 198 insertions(+), 93 deletions(-)

--=20
2.24.0.windows.2