From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <rafaelrodrigues.machado@gmail.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=2607:f8b0:4864:20::329; helo=mail-ot1-x329.google.com;
 envelope-from=rafaelrodrigues.machado@gmail.com;
 receiver=edk2-devel@lists.01.org 
Received: from mail-ot1-x329.google.com (mail-ot1-x329.google.com
 [IPv6:2607:f8b0:4864:20::329])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 344F821B02822
 for <edk2-devel@lists.01.org>; Tue, 16 Oct 2018 04:09:52 -0700 (PDT)
Received: by mail-ot1-x329.google.com with SMTP id v2so14937178otk.1
 for <edk2-devel@lists.01.org>; Tue, 16 Oct 2018 04:09:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=igbILqChZT2L3QJG8T/BGRxr8HChzyxo+BCWcHyj4hk=;
 b=uGZtiw85Yagu694ZTw3j6YJlp2aYalLXxRF7XZcbM42t/Z0u7Z3i54m8C8LAT+yFOa
 lFqnXGTTGtmyN9ehst6CCsfNcCzxKk3ZUT6aDF8HNPOEJsds5v4BOq1hgTrqvHwLNbxt
 9F/lgfTm4w/7pJ5OpCOWiktxPYtfhxwZDbcODXrwvgPjz0MvmIfDKrF2ExoAfMfniEnY
 3xQkakcl8c2OdqUsnfWvsO3ELtB497EQD7kCJxiyY/SvEYBpHELyXU4XHaVr1H7v2b6s
 4bzz9TCvCEieYXG7eTmszJJdk5joCIDhMvJLp3pA+w/jbtH+2r73Y0S976YZ/GzyaVK4
 Y7/g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=igbILqChZT2L3QJG8T/BGRxr8HChzyxo+BCWcHyj4hk=;
 b=pL1tnplea9/dojH0TOGzVBiuqiGFNcDrybwRxnTZwLYoMqWbvwGXtMtqAUSDnuyaIe
 LceA6zY/QvQxVhrJgYo5p80+HU1stt8yJZZVisE5O0hZVtmbutoCelbaILTYTPxj841A
 mgEJ+z6ZNX0rIebcWCTVeHYO8T6pehmymfZiwXn5utnwHeUGvvmsv75IwN/KmUkAn5or
 h1VnvzGrQLDKjiMOFxLV3IqW0fFgwn2kn5Xs4YV3nejtbxKMwwcBReGXcaOo0/RGiFtc
 zzFXPgoyK9l/OHuf6pdAqz9YRXqayxZNs74ZuDLMRjRWjAtDJF1xyPzqfdhFhOAmVpPc
 Nk1g==
X-Gm-Message-State: ABuFfohTgVTmuPtbaCbLu+y7HCWBzJluJnmHfyKVtoRKEjjnPm747AxO
 eBxO7ez7N7cyWP6anly/QsZZ3eT7nqdCLMx0E1U=
X-Google-Smtp-Source: ACcGV60z3I/MKz0C9a4kYdMRdPJ8Exwn3rf8kdQTnaEfZLJVXah1zSW+omgyq3AOlj76civoKadjlz0yGoyAnrgQYKM=
X-Received: by 2002:a9d:4617:: with SMTP id y23mr12731544ote.300.1539688190945; 
 Tue, 16 Oct 2018 04:09:50 -0700 (PDT)
MIME-Version: 1.0
References: <CACgnt7-rA94S4gBWtzkg-VNA4COWJ9hnm3-=sHxQ6rDBE+3buQ@mail.gmail.com>
 <76DE84138CBE89489874B70B432D8F9BC7E3A103@FMSMSX151.amr.corp.intel.com>
 <CACgnt78HGux17mg9w5vM8HP9tHnRzfkwxfQhqdQYyS_ceydk0w@mail.gmail.com>
 <76DE84138CBE89489874B70B432D8F9BC7E3AB99@FMSMSX151.amr.corp.intel.com>
 <CACgnt79AnPW26=Zo8jLWKNi3Q8uR4HizgAGzK5Og_AAFg+ycJg@mail.gmail.com>
 <4A89E2EF3DFEDB4C8BFDE51014F606A14E33A89E@SHSMSX104.ccr.corp.intel.com>
In-Reply-To: <4A89E2EF3DFEDB4C8BFDE51014F606A14E33A89E@SHSMSX104.ccr.corp.intel.com>
From: Rafael Machado <rafaelrodrigues.machado@gmail.com>
Date: Tue, 16 Oct 2018 08:09:40 -0300
Message-ID: <CACgnt7-7J40JZLKkLswwTbA10qg0X-Qdw04_naw7ecpoHhDQKA@mail.gmail.com>
To: "Gao, Liming" <liming.gao@intel.com>
Cc: "Zimmer, Vincent" <vincent.zimmer@intel.com>, 
 "edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
X-Content-Filtered-By: Mailman/MimeDel 2.1.29
Subject: Re: Where to find the fix for security issue id 686
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Oct 2018 11:09:52 -0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Thanks a lot Liming!

Em seg, 15 de out de 2018 =C3=A0s 23:10, Gao, Liming <liming.gao@intel.com>
escreveu:

> Rafael:
>   https://bugzilla.tianocore.org/show_bug.cgi?id=3D686 public now. You ca=
n
> view it. I also send the patches to fix it. Please check.
>
> Thanks
> Liming
> >-----Original Message-----
> >From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
> >Rafael Machado
> >Sent: Tuesday, October 16, 2018 8:41 AM
> >To: Zimmer, Vincent <vincent.zimmer@intel.com>
> >Cc: edk2-devel@lists.01.org
> >Subject: Re: [edk2] Where to find the fix for security issue id 686
> >
> >I understood this issue's fix was already released at some branch.
> >With your message things make sense again.
> >
> >In this case I can wait for this fix to be publicly available.
> >Thanks for the clarification!
> >
> >Best Regards
> >Rafael
> >
> >Em seg, 15 de out de 2018 =C3=A0s 16:42, Zimmer, Vincent <
> >vincent.zimmer@intel.com> escreveu:
> >
> >> Ah ok
> >>
> >>
> >>
> >> From
> >>
> https://github.com/tianocore/tianocore.github.io/wiki/Reporting-Security-
> >Issues
> >> you will see that issues are only visible to the report and infosec
> group
> >> of Bugzilla, namely =E2=80=9CIssues in the *Tianocore Security Issue* =
product
> are
> >> only visible to the *Reporter* of the issue and the members of the
> >> *infosec* group. =E2=80=9D
> >>
> >>
> >>
> >> Since you were not the reporter of 686 and are not part of infosec, yo=
u
> >> cannot see it.
> >>
> >>
> >>
> >> If you or anyone in the community would like to help work these issues
> >> while in triage and embargo, let me know and we can add you to the
> infosec
> >> group.
> >>
> >>
> >>
> >> Vincent
> >>
> >>
> >>
> >> *From:* Rafael Machado [mailto:rafaelrodrigues.machado@gmail.com]
> >> *Sent:* Monday, October 15, 2018 12:17 PM
> >> *To:* Zimmer, Vincent <vincent.zimmer@intel.com>
> >> *Cc:* edk2-devel@lists.01.org
> >> *Subject:* Re: [edk2] Where to find the fix for security issue id 686
> >>
> >>
> >>
> >> Hi Vincent
> >>
> >>
> >>
> >> Thanks for the answer.
> >>
> >> The problem is that when I try to access this link I have this message=
:
> "You
> >> are not authorized to access bug #686."
> >>
> >>
> >>
> >> Any idea?
> >>
> >>
> >>
> >> Em seg, 15 de out de 2018 =C3=A0s 14:28, Zimmer, Vincent <
> >> vincent.zimmer@intel.com> escreveu:
> >>
> >> You can find reference to patches via the advisory entry
> >>
> >> "31. EDK II TIANOCOMPRESS BOUNDS CHECKING ISSUES" advisory entry
> >> https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-
> >tianocompress-bounds-checking-issues.html
> >> has an embedded link to
> >> https://bugzilla.tianocore.org/attachment.cgi?id=3D150
> >>
> >> Vincent
> >>
> >> -----Original Message-----
> >> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
> >> Rafael Machado
> >> Sent: Monday, October 15, 2018 5:39 AM
> >> To: edk2-devel@lists.01.org
> >> Subject: [edk2] Where to find the fix for security issue id 686
> >>
> >> Hi everyone
> >>
> >> I was tying to find the patch to fix the reported security issue id 68=
6
> (
> >> https://bugzilla.tianocore.org/show_bug.cgi?id=3D686),
> >> but was not able to access it.
> >>
> >> Could someone please tell if this patch, or series of patches, was
> already
> >> merged to some branch that is public available?
> >>
> >> Thanks and Regards
> >> Rafael R. Machado
> >> _______________________________________________
> >> edk2-devel mailing list
> >> edk2-devel@lists.01.org
> >> https://lists.01.org/mailman/listinfo/edk2-devel
> >>
> >>
> >_______________________________________________
> >edk2-devel mailing list
> >edk2-devel@lists.01.org
> >https://lists.01.org/mailman/listinfo/edk2-devel
>