From: "Zeng, Star" <star.zeng@intel.com>
To: Laszlo Ersek <lersek@redhat.com>, Prasad Pandit <ppandit@redhat.com>
Cc: Vincent Zimmer <Vincent.Zimmer@intel.com>,
edk2-devel@lists.01.org, "Cetola,
Stephano" <stephano.cetola@intel.com>,
Steve McIntyre <93sam@debian.org>,
Peter Jones <pjones@redhat.com>,
Jiewen Yao <jiewen.yao@intel.com>,
Michael Kinney <michael.d.kinney@intel.com>,
Gary Lin <glin@suse.com>, Chao Zhang <chao.b.zhang@intel.com>,
star.zeng@intel.com
Subject: Re: CVE-2018-3613 [was: MdeModulePkg Variable: Fix Timestamp zeroing issue on APPEND_WRITE]
Date: Thu, 18 Oct 2018 10:45:44 +0800 [thread overview]
Message-ID: <87e85429-db40-0684-6895-a625cd020780@intel.com> (raw)
In-Reply-To: <8f86065a-1170-9ad4-15f2-15f38bd54781@redhat.com>
Hi Laszlo,
On 2018/10/18 2:27, Laszlo Ersek wrote:
> +Stephano
>
> On 10/17/18 16:58, Zeng, Star wrote:
>> On 2018/10/17 21:10, Laszlo Ersek wrote:
>
>>> I have requested earlier [1], and now I'm doing so again, that CVE fixes
>>> please all mention the CVE number in the *subject line*. When people
>>> look at the commit log, or even just patch traffic on this list, CVE
>>> numbers should *jump* at them.
>>
>> Good request. How about we document it as requirement at somewhere
>> (Contributions.txt?)? Then people can easily find the requirement and
>> follow it.
>
> I agree, we should have documented it somewhere explicitly.
>
> Stephano, can you please add a note to the "well-formed commit messages"
> topic that CVE number should be documented in the subject lines? My
> apologies for not thinking about this earlier.
I will be glad to help broadcast this request and direct people to that
document. :)
>
>>> http://mid.mail-archive.com/e62f7104-e341-6c7f-1af5-2130f161f111@redhat.com
>>>
>>
>> Sorry, I could not access it.
>
> I'm unsure if you mean that you didn't see that message when I posted
> it, or else that you've now tried to follow the link, but it doesn't
> work for you. Does the official edk2-devel archive work perhaps? Here's
> a link within that, to the same message:
>
> https://lists.01.org/pipermail/edk2-devel/2018-August/028700.html
The edk2-devel archive link works for me. But I did not review this
thread and did not see the request. :(
FYI, I could not access the redhat archive link
http://mid.mail-archive.com/e62f7104-e341-6c7f-1af5-2130f161f111@redhat.com,
I just heard some other people also could not access it.
Thanks,
Star
>
> Please see my request (1).
>
> Either way -- I totally agree this hasn't been documented appropriately
> before.
>
> Thanks
> Laszlo
>
next prev parent reply other threads:[~2018-10-18 2:46 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-16 2:41 [PATCH] MdeModulePkg Variable: Fix Timestamp zeroing issue on APPEND_WRITE Star Zeng
2018-10-16 7:03 ` Yao, Jiewen
2018-10-17 13:10 ` CVE-2018-3613 [was: MdeModulePkg Variable: Fix Timestamp zeroing issue on APPEND_WRITE] Laszlo Ersek
2018-10-17 14:58 ` Zeng, Star
2018-10-17 18:27 ` Laszlo Ersek
2018-10-18 2:45 ` Zeng, Star [this message]
2018-10-18 13:09 ` Laszlo Ersek
2018-10-18 13:43 ` Zeng, Star
2018-10-18 16:04 ` Laszlo Ersek
2018-10-18 21:45 ` Laszlo Ersek
2018-10-19 7:09 ` Zeng, Star
2018-10-19 12:35 ` Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87e85429-db40-0684-6895-a625cd020780@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox