Re: Where to find the fix for security issue id 686

From: "Gao, Liming" <liming.gao@intel.com>
To: Rafael Machado <rafaelrodrigues.machado@gmail.com>,
	"Zimmer, Vincent" <vincent.zimmer@intel.com>
Cc: "edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Subject: Re: Where to find the fix for security issue id 686
Date: Tue, 16 Oct 2018 02:10:12 +0000	[thread overview]
Message-ID: <4A89E2EF3DFEDB4C8BFDE51014F606A14E33A89E@SHSMSX104.ccr.corp.intel.com> (raw)
In-Reply-To: <CACgnt79AnPW26=Zo8jLWKNi3Q8uR4HizgAGzK5Og_AAFg+ycJg@mail.gmail.com>

Rafael:
  https://bugzilla.tianocore.org/show_bug.cgi?id=686 public now. You can view it. I also send the patches to fix it. Please check. 

Thanks
Liming
>-----Original Message-----
>From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
>Rafael Machado
>Sent: Tuesday, October 16, 2018 8:41 AM
>To: Zimmer, Vincent <vincent.zimmer@intel.com>
>Cc: edk2-devel@lists.01.org
>Subject: Re: [edk2] Where to find the fix for security issue id 686
>
>I understood this issue's fix was already released at some branch.
>With your message things make sense again.
>
>In this case I can wait for this fix to be publicly available.
>Thanks for the clarification!
>
>Best Regards
>Rafael
>
>Em seg, 15 de out de 2018 às 16:42, Zimmer, Vincent <
>vincent.zimmer@intel.com> escreveu:
>
>> Ah ok
>>
>>
>>
>> From
>> https://github.com/tianocore/tianocore.github.io/wiki/Reporting-Security-
>Issues
>> you will see that issues are only visible to the report and infosec group
>> of Bugzilla, namely “Issues in the *Tianocore Security Issue* product are
>> only visible to the *Reporter* of the issue and the members of the
>> *infosec* group. ”
>>
>>
>>
>> Since you were not the reporter of 686 and are not part of infosec, you
>> cannot see it.
>>
>>
>>
>> If you or anyone in the community would like to help work these issues
>> while in triage and embargo, let me know and we can add you to the infosec
>> group.
>>
>>
>>
>> Vincent
>>
>>
>>
>> *From:* Rafael Machado [mailto:rafaelrodrigues.machado@gmail.com]
>> *Sent:* Monday, October 15, 2018 12:17 PM
>> *To:* Zimmer, Vincent <vincent.zimmer@intel.com>
>> *Cc:* edk2-devel@lists.01.org
>> *Subject:* Re: [edk2] Where to find the fix for security issue id 686
>>
>>
>>
>> Hi Vincent
>>
>>
>>
>> Thanks for the answer.
>>
>> The problem is that when I try to access this link I have this message: "You
>> are not authorized to access bug #686."
>>
>>
>>
>> Any idea?
>>
>>
>>
>> Em seg, 15 de out de 2018 às 14:28, Zimmer, Vincent <
>> vincent.zimmer@intel.com> escreveu:
>>
>> You can find reference to patches via the advisory entry
>>
>> "31. EDK II TIANOCOMPRESS BOUNDS CHECKING ISSUES" advisory entry
>> https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-
>tianocompress-bounds-checking-issues.html
>> has an embedded link to
>> https://bugzilla.tianocore.org/attachment.cgi?id=150
>>
>> Vincent
>>
>> -----Original Message-----
>> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
>> Rafael Machado
>> Sent: Monday, October 15, 2018 5:39 AM
>> To: edk2-devel@lists.01.org
>> Subject: [edk2] Where to find the fix for security issue id 686
>>
>> Hi everyone
>>
>> I was tying to find the patch to fix the reported security issue id 686 (
>> https://bugzilla.tianocore.org/show_bug.cgi?id=686),
>> but was not able to access it.
>>
>> Could someone please tell if this patch, or series of patches, was already
>> merged to some branch that is public available?
>>
>> Thanks and Regards
>> Rafael R. Machado
>> _______________________________________________
>> edk2-devel mailing list
>> edk2-devel@lists.01.org
>> https://lists.01.org/mailman/listinfo/edk2-devel
>>
>>
>_______________________________________________
>edk2-devel mailing list
>edk2-devel@lists.01.org
>https://lists.01.org/mailman/listinfo/edk2-devel