From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=2607:f8b0:4864:20::32f; helo=mail-ot1-x32f.google.com; envelope-from=rafaelrodrigues.machado@gmail.com; receiver=edk2-devel@lists.01.org Received: from mail-ot1-x32f.google.com (mail-ot1-x32f.google.com [IPv6:2607:f8b0:4864:20::32f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 0C1692116525D for ; Mon, 15 Oct 2018 17:37:42 -0700 (PDT) Received: by mail-ot1-x32f.google.com with SMTP id v2so13636632otk.1 for ; Mon, 15 Oct 2018 17:37:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=nlNpZGctGHc7LgM5XmaXJdbQ5HznOrTy5UpRDxi2wro=; b=X82RVv3laxwNUSnvPliJCq9lVvtBGohe3hQFnVM3HlQWcJ/YL84lW7oD4oet+16b48 DmHL/Rk1G1EiNtbeIInFE+LE3kOyTRhol1XcfjxW18dVZw1m+SsW4CGIp78p6S4NamcI kb6t5570pqIKRzJjag1tKqz8HPa6uFdSkl+VFCz7yVyMke5y3+oEjxlf2xH+OYWjYCMZ sm+5zcLOS1hmyMkuQ4VBXLWQnL1Yqv5XjxXRHoVoOYSinPJ6+Z4ByReCqtxRfxOaVAUj hdS2BkTjMbaVzMgQThmAJF+btvzQYhS15eEswTPP3bIr/IUPiwTWu+DgrgBpply/SYPg BcMw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=nlNpZGctGHc7LgM5XmaXJdbQ5HznOrTy5UpRDxi2wro=; b=jFkkG3BxfObggFZv+0g6m4atu2q2rHaIgIlFyyy8+lG8H0keynvTEuAKGxu/Za/8R8 TE+btxN9Lby/b6OD80Nmz/T1HP+nPR3VlG5yY6d/Jnocup12wj3hafnS3IqjxEjBnRwW 2HM+9FFxN8Fkj30if5zqJI2aWU6VOufxgdxKZ+MLsdnJWIemx4h36M4wpCC3rG14ixy2 Q1RqtRrA4PVInB1oWesJ8I+HOWFnwqPKMr+mqDfpKlrfy18WMmYVltGJfZneRxtBWfJd wswPRNT8L5VfBrvHIyyLNBMcF57S2BL6viuqn8d72Oy4ZgT6M+DogCPjrqa3CtIhY8Kr GB7w== X-Gm-Message-State: ABuFfojbPB4Cx9ueqT+hbPqfTPoWVsVCgC0BnNYKM0nSmB8l/yZHmELA hfGMx/sKvHWX7E67zCGu8mut79X+4kWTxG56Kf3bdm4y X-Google-Smtp-Source: ACcGV62WtX3H+IPSypM+az+QJU1MZS5N+lW70uvflRw6Vdo98NXRa4GrBoKr0DN7eZl0WSout3E/33LD9HzRERfcQ8c= X-Received: by 2002:a9d:1b4c:: with SMTP id l70mr11891131otl.49.1539650261926; Mon, 15 Oct 2018 17:37:41 -0700 (PDT) MIME-Version: 1.0 References: <76DE84138CBE89489874B70B432D8F9BC7E3A103@FMSMSX151.amr.corp.intel.com> <76DE84138CBE89489874B70B432D8F9BC7E3AB99@FMSMSX151.amr.corp.intel.com> In-Reply-To: <76DE84138CBE89489874B70B432D8F9BC7E3AB99@FMSMSX151.amr.corp.intel.com> From: Rafael Machado Date: Mon, 15 Oct 2018 21:40:32 -0300 Message-ID: To: "Zimmer, Vincent" Cc: "edk2-devel@lists.01.org" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 Subject: Re: Where to find the fix for security issue id 686 X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Oct 2018 00:37:43 -0000 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable I understood this issue's fix was already released at some branch. With your message things make sense again. In this case I can wait for this fix to be publicly available. Thanks for the clarification! Best Regards Rafael Em seg, 15 de out de 2018 =C3=A0s 16:42, Zimmer, Vincent < vincent.zimmer@intel.com> escreveu: > Ah ok > > > > From > https://github.com/tianocore/tianocore.github.io/wiki/Reporting-Security-= Issues > you will see that issues are only visible to the report and infosec group > of Bugzilla, namely =E2=80=9CIssues in the *Tianocore Security Issue* pro= duct are > only visible to the *Reporter* of the issue and the members of the > *infosec* group. =E2=80=9D > > > > Since you were not the reporter of 686 and are not part of infosec, you > cannot see it. > > > > If you or anyone in the community would like to help work these issues > while in triage and embargo, let me know and we can add you to the infose= c > group. > > > > Vincent > > > > *From:* Rafael Machado [mailto:rafaelrodrigues.machado@gmail.com] > *Sent:* Monday, October 15, 2018 12:17 PM > *To:* Zimmer, Vincent > *Cc:* edk2-devel@lists.01.org > *Subject:* Re: [edk2] Where to find the fix for security issue id 686 > > > > Hi Vincent > > > > Thanks for the answer. > > The problem is that when I try to access this link I have this message: "= You > are not authorized to access bug #686." > > > > Any idea? > > > > Em seg, 15 de out de 2018 =C3=A0s 14:28, Zimmer, Vincent < > vincent.zimmer@intel.com> escreveu: > > You can find reference to patches via the advisory entry > > "31. EDK II TIANOCOMPRESS BOUNDS CHECKING ISSUES" advisory entry > https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompr= ess-bounds-checking-issues.html > has an embedded link to > https://bugzilla.tianocore.org/attachment.cgi?id=3D150 > > Vincent > > -----Original Message----- > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of > Rafael Machado > Sent: Monday, October 15, 2018 5:39 AM > To: edk2-devel@lists.01.org > Subject: [edk2] Where to find the fix for security issue id 686 > > Hi everyone > > I was tying to find the patch to fix the reported security issue id 686 ( > https://bugzilla.tianocore.org/show_bug.cgi?id=3D686), > but was not able to access it. > > Could someone please tell if this patch, or series of patches, was alread= y > merged to some branch that is public available? > > Thanks and Regards > Rafael R. Machado > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel > >