From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [63.128.21.124])
 by mx.groups.io with SMTP id smtpd.web08.841.1605923053413758402
 for <devel@edk2.groups.io>;
 Fri, 20 Nov 2020 17:44:13 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=EKbe6+eZ;
 spf=pass (domain: redhat.com, ip: 63.128.21.124, mailfrom: lersek@redhat.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1605923052;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=TWk1aqjXWEWxK34EONdtN6Fblq8mW0VHoRfK61TtwIM=;
	b=EKbe6+eZjb6vzwciZBcCCvbgG4rX9K50tWwAkVZuLQbm5DJJRBZmPoPAcftr+6t2F++mt6
	jCtsZlbLjLM6GOipFWWUBwl6UxpCPdZLwZzxM2FCJLRioccg8dbO4AuPZPjVT5Q7I+Npvt
	5nguPK/+Ts6D3NuHIGr0H6+AWMHLegU=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-498-mQQtTcDoOCidZKvvrf3WAw-1; Fri, 20 Nov 2020 20:44:02 -0500
X-MC-Unique: mQQtTcDoOCidZKvvrf3WAw-1
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 8E12A80ED8B;
	Sat, 21 Nov 2020 01:44:01 +0000 (UTC)
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-112-21.ams2.redhat.com [10.36.112.21])
	by smtp.corp.redhat.com (Postfix) with ESMTP id C761C5C1D5;
	Sat, 21 Nov 2020 01:43:59 +0000 (UTC)
Subject: =?UTF-8?B?UmU6IOWbnuWkjTogW2VkazItZGV2ZWxdIFtQQVRDSCB2MiBSRVNFTkQgMC8yXSBzZWN1cml0eSBmaXg6IHVubGltaXRlZCBGViByZWN1cnNpb24sIHJvdW5kIDIgKERYRSBDb3JlKQ==?=
To: devel@edk2.groups.io, gaoliming@byosoft.com.cn
Cc: 'Dandan Bi' <dandan.bi@intel.com>, 'Hao A Wu' <hao.a.wu@intel.com>,
 'Jian J Wang' <jian.j.wang@intel.com>,
 =?UTF-8?Q?'Philippe_Mathieu-Daud=c3=a9'?= <philmd@redhat.com>
References: <20201119105340.16225-1-lersek@redhat.com>
 <017701d6befe$528b9ba0$f7a2d2e0$@byosoft.com.cn>
From: "Laszlo Ersek" <lersek@redhat.com>
Message-ID: <2dc0ebff-93da-e92a-10e7-342b966ca658@redhat.com>
Date: Sat, 21 Nov 2020 02:43:58 +0100
MIME-Version: 1.0
In-Reply-To: <017701d6befe$528b9ba0$f7a2d2e0$@byosoft.com.cn>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=lersek@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit

On 11/20/20 06:30, gaoliming wrote:
> Laszlo:
>   I am OK to merge this patch and the fix in LzmaUefiDecompressGetInfo for this stable tag. After you are done, I will update the proposed feature list to include them. 

Merged as commit range 6c8dd15c4ae4..47343af30435, via
<https://github.com/tianocore/edk2/pull/1137>.

Thanks,
Laszlo

> 
>   In BZ, there is no CVE number. So, I want to confirm whether CVE number is required. 
> 
> Thanks
> Liming
>> -----邮件原件-----
>> 发件人: bounce+27952+67707+4905953+8761045@groups.io
>> <bounce+27952+67707+4905953+8761045@groups.io> 代表 Laszlo Ersek
>> 发送时间: 2020年11月19日 18:54
>> 收件人: edk2-devel-groups-io <devel@edk2.groups.io>
>> 抄送: Dandan Bi <dandan.bi@intel.com>; Hao A Wu <hao.a.wu@intel.com>;
>> Jian J Wang <jian.j.wang@intel.com>; Liming Gao
>> <gaoliming@byosoft.com.cn>; Philippe Mathieu-Daudé <philmd@redhat.com>
>> 主题: [edk2-devel] [PATCH v2 RESEND 0/2] security fix: unlimited FV
>> recursion, round 2 (DXE Core)
>>
>> Repo:   https://pagure.io/lersek/edk2.git
>> Branch: tianocore_1743_v2_resend
>> Ref:    https://bugzilla.tianocore.org/show_bug.cgi?id=1743
>>
>> "RESEND" because I'm publicly posting the patches from
>> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c19>.
>>
>> The Reviewed-by tags on the patches originate from
>> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c20> and
>> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c22>.
>>
>> Retested with Liming's reproducer; see
>> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c16> and
>> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c18>.
>>
>> This series targets edk2-stable202011. I plan to merge it later this
>> week, based on Liming's R-b.
>>
>> Liming, highlighting TianoCore#1743 in the "proposed features" list
>> could be useful.
>>
>> Cc: Dandan Bi <dandan.bi@intel.com>
>> Cc: Hao A Wu <hao.a.wu@intel.com>
>> Cc: Jian J Wang <jian.j.wang@intel.com>
>> Cc: Liming Gao <gaoliming@byosoft.com.cn>
>> Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
>>
>> Thanks!
>> Laszlo
>>
>> Laszlo Ersek (2):
>>   MdeModulePkg/Core/Dxe: assert SectionInstance invariant in
>>     FindChildNode()
>>   MdeModulePkg/Core/Dxe: limit FwVol encapsulation section recursion
>>
>>  MdeModulePkg/MdeModulePkg.dec
>> |  6 +++
>>  MdeModulePkg/MdeModulePkg.uni
>> |  6 +++
>>  MdeModulePkg/Core/Dxe/DxeMain.inf
>> |  1 +
>>  MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c | 52
>> +++++++++++++++++---
>>  4 files changed, 59 insertions(+), 6 deletions(-)
>>
>> --
>> 2.19.1.3.g30247aa5d201
>>
>>
>>
>>
>>
> 
> 
> 
> 
> 
> 
> 
>