From: "Ard Biesheuvel" <ardb@kernel.org>
To: devel@edk2.groups.io, gua.guo@intel.com
Cc: Gerd Hoffmann <kraxel@redhat.com>,
"Mathews, John" <john.mathews@intel.com>,
"Zimmer, Vincent" <vincent.zimmer@intel.com>
Subject: Re: [edk2-devel] [PATCH v1 0/4] Bz4166: Integer Overflow in CreateHob()
Date: Thu, 11 Jan 2024 09:43:29 +0100 [thread overview]
Message-ID: <CAMj1kXFWBNkq6mUcxPeR_juDzJ5B-tAQtCEUPpUz-yzzxp47gA@mail.gmail.com> (raw)
In-Reply-To: <BL1PR11MB5478519756DCCA8277CC4C46EF682@BL1PR11MB5478.namprd11.prod.outlook.com>
On Thu, 11 Jan 2024 at 09:35, Guo, Gua <gua.guo@intel.com> wrote:
>
> CC: @Mathews, John and @Zimmer, Vincent
>
> Hi @Gerd Hoffmann
>
> My company teammate share me your patch can resolved https://bugzilla.tianocore.org/show_bug.cgi?id=4166. So the signed-off name is your name.
>
Again, a signed-off-by line is *not* a statement of authorship. You
*cannot* add it on someone else's behalf if you want to credit the
author.
A signed-off-by line is a statement by the contributor of the code to
indicate that the contributed code is made available under conditions
that are in agreement with the open source license of the project.
If you want to credit the author, you can mention their name in the
commit log, or add some other tag (authored-by, for example).
If you want to contribute code by another author, and you know you are
able to do so under the terms, you should indicate so by adding your
own signed-off line to the patch.
Thanks,
Ard.
> If you have any concern, you can also share for me, if you don't have concern please also let me know, before merging it.
>
> It's PR https://github.com/tianocore/edk2/pull/5252/
>
> Thanks,
> Gua
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Guo, Gua
> Sent: Thursday, January 11, 2024 1:15 PM
> To: devel@edk2.groups.io
> Cc: Guo, Gua <gua.guo@intel.com>
> Subject: [edk2-devel] [PATCH v1 0/4] Bz4166: Integer Overflow in CreateHob()
>
> From: Gua Guo <gua.guo@intel.com>
>
> Fix Integer Overflow for CVE-2022-36765
> 1. UefiPayloadPkg/Hob: Integer Overflow in CreateHob() 2. StandaloneMmPkg/Hob: Integer Overflow in CreateHob() 3. EmbeddedPkg/Hob: Integer Overflow in CreateHob() 4. MdeModulePkg/Hob: Integer Overflow in CreateHob()
>
>
> Gerd Hoffmann (4):
> UefiPayloadPkg/Hob: Integer Overflow in CreateHob()
> StandaloneMmPkg/Hob: Integer Overflow in CreateHob()
> EmbeddedPkg/Hob: Integer Overflow in CreateHob()
> MdeModulePkg/Hob: Integer Overflow in CreateHob()
>
> EmbeddedPkg/Library/PrePiHobLib/Hob.c | 6 ++++++
> MdeModulePkg/Core/Pei/Hob/Hob.c | 2 +-
> .../StandaloneMmCoreHobLib/Arm/StandaloneMmCoreHobLib.c | 6 ++++++
> UefiPayloadPkg/Library/PayloadEntryHobLib/Hob.c | 6 ++++++
> 4 files changed, 19 insertions(+), 1 deletion(-)
>
> --
> 2.39.2.windows.1
>
>
>
>
>
>
>
>
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#113594): https://edk2.groups.io/g/devel/message/113594
Mute This Topic: https://groups.io/mt/103657270/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
next prev parent reply other threads:[~2024-01-11 8:43 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <17A9331C4FE606BC.28944@groups.io>
2024-01-11 8:35 ` [edk2-devel] [PATCH v1 0/4] Bz4166: Integer Overflow in CreateHob() Guo, Gua
2024-01-11 8:43 ` Ard Biesheuvel [this message]
2024-01-11 5:15 Guo, Gua
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAMj1kXFWBNkq6mUcxPeR_juDzJ5B-tAQtCEUPpUz-yzzxp47gA@mail.gmail.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox