Message-ID: <9cf960a6-f9f0-40be-af1e-d3558b2df3a9@quicinc.com>
Date: Tue, 13 Feb 2024 20:18:02 +0000
Subject: Re: [edk2-devel] [PATCH v2 0/4] Corrects additional concern in NetworkPkg
To: Doug Flick
CC: Saloni Kasbekar, Zachary Clark-williams, Andrew Fish, Michael D Kinney
From: "Leif Lindholm"
In-Reply-To: <20240213184603.2985-1-doug.edk2@gmail.com>

I'm happy for this bugfix to go into the stable tag.

/
    Leif

On 2024-02-13 18:45, Doug Flick wrote:
> After talking with Michael Kinney, I was advised to resend
> these with edk2-stable202402, and CC Stewards.
>
> These patches are time sensitive and need reviews.
>
> This patch series corrects an additional security concern
> found in Dhcp6Dxe related to CVE-2023-45229.
>
> Additionally this fixes some issues on the mailing list
> that were not pulled in before merging into Edk2.
>
> Cc: Saloni Kasbekar
> Cc: Zachary Clark-williams
>
> Cc: Andrew Fish
> Cc: Leif Lindholm
> Cc: Michael D Kinney
>
> Signed-off-by: Doug Flick [MSFT]
>
> Doug Flick (4):
>   NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Related Patch
>   NetworkPkg: Dhcp6Dxe: Removes duplicate check and replaces with macro
>   NetworkPkg: Dhcp6Dxe: Packet-Length is not updated before appending
>   NetworkPkg: : Updating SecurityFixes.yaml
>
>  NetworkPkg/Dhcp6Dxe/Dhcp6Io.h      | 22 ++++++
>  NetworkPkg/Dhcp6Dxe/Dhcp6Io.c      | 70 +++++++++++++++-----
>  NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c | 46 ++++++-------
>  NetworkPkg/SecurityFixes.yaml      |  1 +
>  4 files changed, 96 insertions(+), 43 deletions(-)
>