From: "Zimmer, Vincent" <vincent.zimmer@intel.com>
To: Rafael Machado <rafaelrodrigues.machado@gmail.com>
Cc: "edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Subject: Re: Where to find the fix for security issue id 686
Date: Mon, 15 Oct 2018 19:42:30 +0000 [thread overview]
Message-ID: <76DE84138CBE89489874B70B432D8F9BC7E3AB99@FMSMSX151.amr.corp.intel.com> (raw)
In-Reply-To: <CACgnt78HGux17mg9w5vM8HP9tHnRzfkwxfQhqdQYyS_ceydk0w@mail.gmail.com>
Ah ok
From https://github.com/tianocore/tianocore.github.io/wiki/Reporting-Security-Issues you will see that issues are only visible to the report and infosec group of Bugzilla, namely “Issues in the Tianocore Security Issue product are only visible to the Reporter of the issue and the members of the infosec group. ”
Since you were not the reporter of 686 and are not part of infosec, you cannot see it.
If you or anyone in the community would like to help work these issues while in triage and embargo, let me know and we can add you to the infosec group.
Vincent
From: Rafael Machado [mailto:rafaelrodrigues.machado@gmail.com]
Sent: Monday, October 15, 2018 12:17 PM
To: Zimmer, Vincent <vincent.zimmer@intel.com>
Cc: edk2-devel@lists.01.org
Subject: Re: [edk2] Where to find the fix for security issue id 686
Hi Vincent
Thanks for the answer.
The problem is that when I try to access this link I have this message: "You are not authorized to access bug #686."
Any idea?
Em seg, 15 de out de 2018 às 14:28, Zimmer, Vincent <vincent.zimmer@intel.com<mailto:vincent.zimmer@intel.com>> escreveu:
You can find reference to patches via the advisory entry
"31. EDK II TIANOCOMPRESS BOUNDS CHECKING ISSUES" advisory entry https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html has an embedded link to https://bugzilla.tianocore.org/attachment.cgi?id=150
Vincent
-----Original Message-----
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org<mailto:edk2-devel-bounces@lists.01.org>] On Behalf Of Rafael Machado
Sent: Monday, October 15, 2018 5:39 AM
To: edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org>
Subject: [edk2] Where to find the fix for security issue id 686
Hi everyone
I was tying to find the patch to fix the reported security issue id 686 ( https://bugzilla.tianocore.org/show_bug.cgi?id=686),
but was not able to access it.
Could someone please tell if this patch, or series of patches, was already merged to some branch that is public available?
Thanks and Regards
Rafael R. Machado
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org>
https://lists.01.org/mailman/listinfo/edk2-devel
next prev parent reply other threads:[~2018-10-15 19:42 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-15 12:39 Where to find the fix for security issue id 686 Rafael Machado
2018-10-15 17:28 ` Zimmer, Vincent
2018-10-15 19:16 ` Rafael Machado
2018-10-15 19:42 ` Zimmer, Vincent [this message]
2018-10-16 0:40 ` Rafael Machado
2018-10-16 2:10 ` Gao, Liming
2018-10-16 11:09 ` Rafael Machado
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=76DE84138CBE89489874B70B432D8F9BC7E3AB99@FMSMSX151.amr.corp.intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox