From: "Zeng, Star"
To: Laszlo Ersek, Prasad Pandit
Cc: Vincent Zimmer, edk2-devel@lists.01.org, "Cetola, Stephano", Steve McIntyre <93sam@debian.org>, Peter Jones, Jiewen Yao, Michael Kinney, Gary Lin, Chao Zhang, star.zeng@intel.com
Date: Thu, 18 Oct 2018 10:45:44 +0800
Subject: Re: CVE-2018-3613 [was: MdeModulePkg Variable: Fix Timestamp zeroing issue on APPEND_WRITE]

Hi Laszlo,

On 2018/10/18 2:27, Laszlo Ersek wrote:
> +Stephano
>
> On 10/17/18 16:58, Zeng, Star wrote:
>> On 2018/10/17 21:10, Laszlo Ersek wrote:
>
>>> I have requested earlier [1], and now I'm doing so again, that CVE fixes
>>> please all mention the CVE number in the *subject line*. When people
>>> look at the commit log, or even just patch traffic on this list, CVE
>>> numbers should *jump* at them.
>>
>> Good request. How about we document it as requirement at somewhere
>> (Contributions.txt?)? Then people can easily find the requirement and
>> follow it.
>
> I agree, we should have documented it somewhere explicitly.
>
> Stephano, can you please add a note to the "well-formed commit messages"
> topic that CVE number should be documented in the subject lines? My
> apologies for not thinking about this earlier.

I will be glad to help broadcast this request and direct people to that
document. :)

>
>>> http://mid.mail-archive.com/e62f7104-e341-6c7f-1af5-2130f161f111@redhat.com
>>>
>>
>> Sorry, I could not access it.
>
> I'm unsure if you mean that you didn't see that message when I posted
> it, or else that you've now tried to follow the link, but it doesn't
> work for you. Does the official edk2-devel archive work perhaps? Here's
> a link within that, to the same message:
>
> https://lists.01.org/pipermail/edk2-devel/2018-August/028700.html

The edk2-devel archive link works for me. But I did not review this
thread and did not see the request. :(
FYI, I could not access the redhat archive link
http://mid.mail-archive.com/e62f7104-e341-6c7f-1af5-2130f161f111@redhat.com,
I just heard some other people also could not access it.

Thanks,
Star

>
> Please see my request (1).
>
> Either way -- I totally agree this hasn't been documented appropriately
> before.
>
> Thanks
> Laszlo
>