public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
* Where to find the fix for security issue id 686
@ 2018-10-15 12:39 Rafael Machado
  2018-10-15 17:28 ` Zimmer, Vincent
  0 siblings, 1 reply; 7+ messages in thread
From: Rafael Machado @ 2018-10-15 12:39 UTC (permalink / raw)
  To: edk2-devel@lists.01.org

Hi everyone

I was tying to find the patch to fix the reported security issue id 686 (
https://bugzilla.tianocore.org/show_bug.cgi?id=686),
but was not able to access it.

Could someone please tell if this patch, or series of patches, was already
merged to some branch that is public available?

Thanks and Regards
Rafael R. Machado


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Where to find the fix for security issue id 686
  2018-10-15 12:39 Where to find the fix for security issue id 686 Rafael Machado
@ 2018-10-15 17:28 ` Zimmer, Vincent
  2018-10-15 19:16   ` Rafael Machado
  0 siblings, 1 reply; 7+ messages in thread
From: Zimmer, Vincent @ 2018-10-15 17:28 UTC (permalink / raw)
  To: Rafael Machado, edk2-devel@lists.01.org

You can find reference to patches via the advisory entry

"31. EDK II TIANOCOMPRESS BOUNDS CHECKING ISSUES" advisory entry https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html has an embedded link to https://bugzilla.tianocore.org/attachment.cgi?id=150 

Vincent

-----Original Message-----
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Rafael Machado
Sent: Monday, October 15, 2018 5:39 AM
To: edk2-devel@lists.01.org
Subject: [edk2] Where to find the fix for security issue id 686

Hi everyone

I was tying to find the patch to fix the reported security issue id 686 ( https://bugzilla.tianocore.org/show_bug.cgi?id=686),
but was not able to access it.

Could someone please tell if this patch, or series of patches, was already merged to some branch that is public available?

Thanks and Regards
Rafael R. Machado
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Where to find the fix for security issue id 686
  2018-10-15 17:28 ` Zimmer, Vincent
@ 2018-10-15 19:16   ` Rafael Machado
  2018-10-15 19:42     ` Zimmer, Vincent
  0 siblings, 1 reply; 7+ messages in thread
From: Rafael Machado @ 2018-10-15 19:16 UTC (permalink / raw)
  To: Zimmer, Vincent; +Cc: edk2-devel@lists.01.org

Hi Vincent

Thanks for the answer.
The problem is that when I try to access this link I have this message: "You
are not authorized to access bug #686."

Any idea?

Em seg, 15 de out de 2018 às 14:28, Zimmer, Vincent <
vincent.zimmer@intel.com> escreveu:

> You can find reference to patches via the advisory entry
>
> "31. EDK II TIANOCOMPRESS BOUNDS CHECKING ISSUES" advisory entry
> https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html
> has an embedded link to
> https://bugzilla.tianocore.org/attachment.cgi?id=150
>
> Vincent
>
> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
> Rafael Machado
> Sent: Monday, October 15, 2018 5:39 AM
> To: edk2-devel@lists.01.org
> Subject: [edk2] Where to find the fix for security issue id 686
>
> Hi everyone
>
> I was tying to find the patch to fix the reported security issue id 686 (
> https://bugzilla.tianocore.org/show_bug.cgi?id=686),
> but was not able to access it.
>
> Could someone please tell if this patch, or series of patches, was already
> merged to some branch that is public available?
>
> Thanks and Regards
> Rafael R. Machado
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
>


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Where to find the fix for security issue id 686
  2018-10-15 19:16   ` Rafael Machado
@ 2018-10-15 19:42     ` Zimmer, Vincent
  2018-10-16  0:40       ` Rafael Machado
  0 siblings, 1 reply; 7+ messages in thread
From: Zimmer, Vincent @ 2018-10-15 19:42 UTC (permalink / raw)
  To: Rafael Machado; +Cc: edk2-devel@lists.01.org

Ah ok

From https://github.com/tianocore/tianocore.github.io/wiki/Reporting-Security-Issues you will see that issues are only visible to the report and infosec group of Bugzilla, namely “Issues in the Tianocore Security Issue product are only visible to the Reporter of the issue and the members of the infosec group. ”

Since you were not the reporter of 686 and are not part of infosec, you cannot see it.

If you or anyone in the community would like to help work these issues while in triage and embargo, let me know and we can add you to the infosec group.

Vincent

From: Rafael Machado [mailto:rafaelrodrigues.machado@gmail.com]
Sent: Monday, October 15, 2018 12:17 PM
To: Zimmer, Vincent <vincent.zimmer@intel.com>
Cc: edk2-devel@lists.01.org
Subject: Re: [edk2] Where to find the fix for security issue id 686

Hi Vincent

Thanks for the answer.
The problem is that when I try to access this link I have this message: "You are not authorized to access bug #686."

Any idea?

Em seg, 15 de out de 2018 às 14:28, Zimmer, Vincent <vincent.zimmer@intel.com<mailto:vincent.zimmer@intel.com>> escreveu:
You can find reference to patches via the advisory entry

"31. EDK II TIANOCOMPRESS BOUNDS CHECKING ISSUES" advisory entry https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html has an embedded link to https://bugzilla.tianocore.org/attachment.cgi?id=150

Vincent

-----Original Message-----
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org<mailto:edk2-devel-bounces@lists.01.org>] On Behalf Of Rafael Machado
Sent: Monday, October 15, 2018 5:39 AM
To: edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org>
Subject: [edk2] Where to find the fix for security issue id 686

Hi everyone

I was tying to find the patch to fix the reported security issue id 686 ( https://bugzilla.tianocore.org/show_bug.cgi?id=686),
but was not able to access it.

Could someone please tell if this patch, or series of patches, was already merged to some branch that is public available?

Thanks and Regards
Rafael R. Machado
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org>
https://lists.01.org/mailman/listinfo/edk2-devel

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Where to find the fix for security issue id 686
  2018-10-15 19:42     ` Zimmer, Vincent
@ 2018-10-16  0:40       ` Rafael Machado
  2018-10-16  2:10         ` Gao, Liming
  0 siblings, 1 reply; 7+ messages in thread
From: Rafael Machado @ 2018-10-16  0:40 UTC (permalink / raw)
  To: Zimmer, Vincent; +Cc: edk2-devel@lists.01.org

I understood this issue's fix was already released at some branch.
With your message things make sense again.

In this case I can wait for this fix to be publicly available.
Thanks for the clarification!

Best Regards
Rafael

Em seg, 15 de out de 2018 às 16:42, Zimmer, Vincent <
vincent.zimmer@intel.com> escreveu:

> Ah ok
>
>
>
> From
> https://github.com/tianocore/tianocore.github.io/wiki/Reporting-Security-Issues
> you will see that issues are only visible to the report and infosec group
> of Bugzilla, namely “Issues in the *Tianocore Security Issue* product are
> only visible to the *Reporter* of the issue and the members of the
> *infosec* group. ”
>
>
>
> Since you were not the reporter of 686 and are not part of infosec, you
> cannot see it.
>
>
>
> If you or anyone in the community would like to help work these issues
> while in triage and embargo, let me know and we can add you to the infosec
> group.
>
>
>
> Vincent
>
>
>
> *From:* Rafael Machado [mailto:rafaelrodrigues.machado@gmail.com]
> *Sent:* Monday, October 15, 2018 12:17 PM
> *To:* Zimmer, Vincent <vincent.zimmer@intel.com>
> *Cc:* edk2-devel@lists.01.org
> *Subject:* Re: [edk2] Where to find the fix for security issue id 686
>
>
>
> Hi Vincent
>
>
>
> Thanks for the answer.
>
> The problem is that when I try to access this link I have this message: "You
> are not authorized to access bug #686."
>
>
>
> Any idea?
>
>
>
> Em seg, 15 de out de 2018 às 14:28, Zimmer, Vincent <
> vincent.zimmer@intel.com> escreveu:
>
> You can find reference to patches via the advisory entry
>
> "31. EDK II TIANOCOMPRESS BOUNDS CHECKING ISSUES" advisory entry
> https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html
> has an embedded link to
> https://bugzilla.tianocore.org/attachment.cgi?id=150
>
> Vincent
>
> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
> Rafael Machado
> Sent: Monday, October 15, 2018 5:39 AM
> To: edk2-devel@lists.01.org
> Subject: [edk2] Where to find the fix for security issue id 686
>
> Hi everyone
>
> I was tying to find the patch to fix the reported security issue id 686 (
> https://bugzilla.tianocore.org/show_bug.cgi?id=686),
> but was not able to access it.
>
> Could someone please tell if this patch, or series of patches, was already
> merged to some branch that is public available?
>
> Thanks and Regards
> Rafael R. Machado
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
>
>


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Where to find the fix for security issue id 686
  2018-10-16  0:40       ` Rafael Machado
@ 2018-10-16  2:10         ` Gao, Liming
  2018-10-16 11:09           ` Rafael Machado
  0 siblings, 1 reply; 7+ messages in thread
From: Gao, Liming @ 2018-10-16  2:10 UTC (permalink / raw)
  To: Rafael Machado, Zimmer, Vincent; +Cc: edk2-devel@lists.01.org

Rafael:
  https://bugzilla.tianocore.org/show_bug.cgi?id=686 public now. You can view it. I also send the patches to fix it. Please check. 

Thanks
Liming
>-----Original Message-----
>From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
>Rafael Machado
>Sent: Tuesday, October 16, 2018 8:41 AM
>To: Zimmer, Vincent <vincent.zimmer@intel.com>
>Cc: edk2-devel@lists.01.org
>Subject: Re: [edk2] Where to find the fix for security issue id 686
>
>I understood this issue's fix was already released at some branch.
>With your message things make sense again.
>
>In this case I can wait for this fix to be publicly available.
>Thanks for the clarification!
>
>Best Regards
>Rafael
>
>Em seg, 15 de out de 2018 às 16:42, Zimmer, Vincent <
>vincent.zimmer@intel.com> escreveu:
>
>> Ah ok
>>
>>
>>
>> From
>> https://github.com/tianocore/tianocore.github.io/wiki/Reporting-Security-
>Issues
>> you will see that issues are only visible to the report and infosec group
>> of Bugzilla, namely “Issues in the *Tianocore Security Issue* product are
>> only visible to the *Reporter* of the issue and the members of the
>> *infosec* group. ”
>>
>>
>>
>> Since you were not the reporter of 686 and are not part of infosec, you
>> cannot see it.
>>
>>
>>
>> If you or anyone in the community would like to help work these issues
>> while in triage and embargo, let me know and we can add you to the infosec
>> group.
>>
>>
>>
>> Vincent
>>
>>
>>
>> *From:* Rafael Machado [mailto:rafaelrodrigues.machado@gmail.com]
>> *Sent:* Monday, October 15, 2018 12:17 PM
>> *To:* Zimmer, Vincent <vincent.zimmer@intel.com>
>> *Cc:* edk2-devel@lists.01.org
>> *Subject:* Re: [edk2] Where to find the fix for security issue id 686
>>
>>
>>
>> Hi Vincent
>>
>>
>>
>> Thanks for the answer.
>>
>> The problem is that when I try to access this link I have this message: "You
>> are not authorized to access bug #686."
>>
>>
>>
>> Any idea?
>>
>>
>>
>> Em seg, 15 de out de 2018 às 14:28, Zimmer, Vincent <
>> vincent.zimmer@intel.com> escreveu:
>>
>> You can find reference to patches via the advisory entry
>>
>> "31. EDK II TIANOCOMPRESS BOUNDS CHECKING ISSUES" advisory entry
>> https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-
>tianocompress-bounds-checking-issues.html
>> has an embedded link to
>> https://bugzilla.tianocore.org/attachment.cgi?id=150
>>
>> Vincent
>>
>> -----Original Message-----
>> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
>> Rafael Machado
>> Sent: Monday, October 15, 2018 5:39 AM
>> To: edk2-devel@lists.01.org
>> Subject: [edk2] Where to find the fix for security issue id 686
>>
>> Hi everyone
>>
>> I was tying to find the patch to fix the reported security issue id 686 (
>> https://bugzilla.tianocore.org/show_bug.cgi?id=686),
>> but was not able to access it.
>>
>> Could someone please tell if this patch, or series of patches, was already
>> merged to some branch that is public available?
>>
>> Thanks and Regards
>> Rafael R. Machado
>> _______________________________________________
>> edk2-devel mailing list
>> edk2-devel@lists.01.org
>> https://lists.01.org/mailman/listinfo/edk2-devel
>>
>>
>_______________________________________________
>edk2-devel mailing list
>edk2-devel@lists.01.org
>https://lists.01.org/mailman/listinfo/edk2-devel

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Where to find the fix for security issue id 686
  2018-10-16  2:10         ` Gao, Liming
@ 2018-10-16 11:09           ` Rafael Machado
  0 siblings, 0 replies; 7+ messages in thread
From: Rafael Machado @ 2018-10-16 11:09 UTC (permalink / raw)
  To: Gao, Liming; +Cc: Zimmer, Vincent, edk2-devel@lists.01.org

Thanks a lot Liming!

Em seg, 15 de out de 2018 às 23:10, Gao, Liming <liming.gao@intel.com>
escreveu:

> Rafael:
>   https://bugzilla.tianocore.org/show_bug.cgi?id=686 public now. You can
> view it. I also send the patches to fix it. Please check.
>
> Thanks
> Liming
> >-----Original Message-----
> >From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
> >Rafael Machado
> >Sent: Tuesday, October 16, 2018 8:41 AM
> >To: Zimmer, Vincent <vincent.zimmer@intel.com>
> >Cc: edk2-devel@lists.01.org
> >Subject: Re: [edk2] Where to find the fix for security issue id 686
> >
> >I understood this issue's fix was already released at some branch.
> >With your message things make sense again.
> >
> >In this case I can wait for this fix to be publicly available.
> >Thanks for the clarification!
> >
> >Best Regards
> >Rafael
> >
> >Em seg, 15 de out de 2018 às 16:42, Zimmer, Vincent <
> >vincent.zimmer@intel.com> escreveu:
> >
> >> Ah ok
> >>
> >>
> >>
> >> From
> >>
> https://github.com/tianocore/tianocore.github.io/wiki/Reporting-Security-
> >Issues
> >> you will see that issues are only visible to the report and infosec
> group
> >> of Bugzilla, namely “Issues in the *Tianocore Security Issue* product
> are
> >> only visible to the *Reporter* of the issue and the members of the
> >> *infosec* group. ”
> >>
> >>
> >>
> >> Since you were not the reporter of 686 and are not part of infosec, you
> >> cannot see it.
> >>
> >>
> >>
> >> If you or anyone in the community would like to help work these issues
> >> while in triage and embargo, let me know and we can add you to the
> infosec
> >> group.
> >>
> >>
> >>
> >> Vincent
> >>
> >>
> >>
> >> *From:* Rafael Machado [mailto:rafaelrodrigues.machado@gmail.com]
> >> *Sent:* Monday, October 15, 2018 12:17 PM
> >> *To:* Zimmer, Vincent <vincent.zimmer@intel.com>
> >> *Cc:* edk2-devel@lists.01.org
> >> *Subject:* Re: [edk2] Where to find the fix for security issue id 686
> >>
> >>
> >>
> >> Hi Vincent
> >>
> >>
> >>
> >> Thanks for the answer.
> >>
> >> The problem is that when I try to access this link I have this message:
> "You
> >> are not authorized to access bug #686."
> >>
> >>
> >>
> >> Any idea?
> >>
> >>
> >>
> >> Em seg, 15 de out de 2018 às 14:28, Zimmer, Vincent <
> >> vincent.zimmer@intel.com> escreveu:
> >>
> >> You can find reference to patches via the advisory entry
> >>
> >> "31. EDK II TIANOCOMPRESS BOUNDS CHECKING ISSUES" advisory entry
> >> https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-
> >tianocompress-bounds-checking-issues.html
> >> has an embedded link to
> >> https://bugzilla.tianocore.org/attachment.cgi?id=150
> >>
> >> Vincent
> >>
> >> -----Original Message-----
> >> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
> >> Rafael Machado
> >> Sent: Monday, October 15, 2018 5:39 AM
> >> To: edk2-devel@lists.01.org
> >> Subject: [edk2] Where to find the fix for security issue id 686
> >>
> >> Hi everyone
> >>
> >> I was tying to find the patch to fix the reported security issue id 686
> (
> >> https://bugzilla.tianocore.org/show_bug.cgi?id=686),
> >> but was not able to access it.
> >>
> >> Could someone please tell if this patch, or series of patches, was
> already
> >> merged to some branch that is public available?
> >>
> >> Thanks and Regards
> >> Rafael R. Machado
> >> _______________________________________________
> >> edk2-devel mailing list
> >> edk2-devel@lists.01.org
> >> https://lists.01.org/mailman/listinfo/edk2-devel
> >>
> >>
> >_______________________________________________
> >edk2-devel mailing list
> >edk2-devel@lists.01.org
> >https://lists.01.org/mailman/listinfo/edk2-devel
>


^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2018-10-16 11:09 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-10-15 12:39 Where to find the fix for security issue id 686 Rafael Machado
2018-10-15 17:28 ` Zimmer, Vincent
2018-10-15 19:16   ` Rafael Machado
2018-10-15 19:42     ` Zimmer, Vincent
2018-10-16  0:40       ` Rafael Machado
2018-10-16  2:10         ` Gao, Liming
2018-10-16 11:09           ` Rafael Machado

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox