From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124])
 by mx.groups.io with SMTP id smtpd.web08.23634.1605869871199689744
 for <devel@edk2.groups.io>;
 Fri, 20 Nov 2020 02:57:51 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=EKT7x8NM;
 spf=pass (domain: redhat.com, ip: 216.205.24.124, mailfrom: lersek@redhat.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1605869870;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=pKcty0CMI5rI6lrREo49Kf6DSOnpGzUdQv/UrOm2H6U=;
	b=EKT7x8NMXvNCMn7mvFYqdqbB7nHNhy8c5QpNdO7+P7LObHNjYC/dzR+Al/UAaeNS4ChfRg
	V0dAwdTlxsawEiQkvxLKYtkd0M/yAvLW/Jh7UVYgkFcD6cAhQpokaACyZDuqzsN7PMoN2m
	7vJnyHkyybfwqPKzSVcgKf3npp/zTfM=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-533-gf509kCcMr-evpOLLBFjog-1; Fri, 20 Nov 2020 05:57:42 -0500
X-MC-Unique: gf509kCcMr-evpOLLBFjog-1
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 09A121005D59;
	Fri, 20 Nov 2020 10:57:41 +0000 (UTC)
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-115-10.ams2.redhat.com [10.36.115.10])
	by smtp.corp.redhat.com (Postfix) with ESMTP id A5BD55D9C6;
	Fri, 20 Nov 2020 10:57:39 +0000 (UTC)
Subject: =?UTF-8?B?UmU6IOWbnuWkjTogW2VkazItZGV2ZWxdIFtQQVRDSCB2MiBSRVNFTkQgMC8yXSBzZWN1cml0eSBmaXg6IHVubGltaXRlZCBGViByZWN1cnNpb24sIHJvdW5kIDIgKERYRSBDb3JlKQ==?=
To: gaoliming <gaoliming@byosoft.com.cn>, devel@edk2.groups.io
Cc: 'Dandan Bi' <dandan.bi@intel.com>, 'Hao A Wu' <hao.a.wu@intel.com>,
 'Jian J Wang' <jian.j.wang@intel.com>,
 =?UTF-8?Q?'Philippe_Mathieu-Daud=c3=a9'?= <philmd@redhat.com>
References: <20201119105340.16225-1-lersek@redhat.com>
 <017701d6befe$528b9ba0$f7a2d2e0$@byosoft.com.cn>
From: "Laszlo Ersek" <lersek@redhat.com>
Message-ID: <785266eb-c768-5819-8ea0-1c4eeb992c0b@redhat.com>
Date: Fri, 20 Nov 2020 11:57:38 +0100
MIME-Version: 1.0
In-Reply-To: <017701d6befe$528b9ba0$f7a2d2e0$@byosoft.com.cn>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=lersek@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit

On 11/20/20 06:30, gaoliming wrote:
> Laszlo:
>   I am OK to merge this patch and the fix in LzmaUefiDecompressGetInfo for this stable tag. After you are done, I will update the proposed feature list to include them. 

Thanks!

>   In BZ, there is no CVE number. So, I want to confirm whether CVE number is required. 

We seem to have failed getting a CVE number. I'm unaware of any CVE
being assigned to this issue.

Thanks
Laszlo

> 
> Thanks
> Liming
>> -----邮件原件-----
>> 发件人: bounce+27952+67707+4905953+8761045@groups.io
>> <bounce+27952+67707+4905953+8761045@groups.io> 代表 Laszlo Ersek
>> 发送时间: 2020年11月19日 18:54
>> 收件人: edk2-devel-groups-io <devel@edk2.groups.io>
>> 抄送: Dandan Bi <dandan.bi@intel.com>; Hao A Wu <hao.a.wu@intel.com>;
>> Jian J Wang <jian.j.wang@intel.com>; Liming Gao
>> <gaoliming@byosoft.com.cn>; Philippe Mathieu-Daudé <philmd@redhat.com>
>> 主题: [edk2-devel] [PATCH v2 RESEND 0/2] security fix: unlimited FV
>> recursion, round 2 (DXE Core)
>>
>> Repo:   https://pagure.io/lersek/edk2.git
>> Branch: tianocore_1743_v2_resend
>> Ref:    https://bugzilla.tianocore.org/show_bug.cgi?id=1743
>>
>> "RESEND" because I'm publicly posting the patches from
>> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c19>.
>>
>> The Reviewed-by tags on the patches originate from
>> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c20> and
>> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c22>.
>>
>> Retested with Liming's reproducer; see
>> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c16> and
>> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c18>.
>>
>> This series targets edk2-stable202011. I plan to merge it later this
>> week, based on Liming's R-b.
>>
>> Liming, highlighting TianoCore#1743 in the "proposed features" list
>> could be useful.
>>
>> Cc: Dandan Bi <dandan.bi@intel.com>
>> Cc: Hao A Wu <hao.a.wu@intel.com>
>> Cc: Jian J Wang <jian.j.wang@intel.com>
>> Cc: Liming Gao <gaoliming@byosoft.com.cn>
>> Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
>>
>> Thanks!
>> Laszlo
>>
>> Laszlo Ersek (2):
>>   MdeModulePkg/Core/Dxe: assert SectionInstance invariant in
>>     FindChildNode()
>>   MdeModulePkg/Core/Dxe: limit FwVol encapsulation section recursion
>>
>>  MdeModulePkg/MdeModulePkg.dec
>> |  6 +++
>>  MdeModulePkg/MdeModulePkg.uni
>> |  6 +++
>>  MdeModulePkg/Core/Dxe/DxeMain.inf
>> |  1 +
>>  MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c | 52
>> +++++++++++++++++---
>>  4 files changed, 59 insertions(+), 6 deletions(-)
>>
>> --
>> 2.19.1.3.g30247aa5d201
>>
>>
>>
>> 
>>
> 
> 
>