From: "Saloni Kasbekar" <saloni.kasbekar@intel.com>
To: "Douglas Flick [MSFT]" <doug.edk2@gmail.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>,
"Kinney, Michael D" <michael.d.kinney@intel.com>
Cc: "Clark-williams, Zachary" <zachary.clark-williams@intel.com>,
Andrew Fish <afish@apple.com>,
Leif Lindholm <quic_llindhol@quicinc.com>
Subject: Re: [edk2-devel] [PATCH 0/3] [edk2-stable202402] Corrects additional concern in NetworkPkg
Date: Mon, 12 Feb 2024 17:17:55 +0000
Message-ID: <SN7PR11MB82810200F157970DAABE4502F1482@SN7PR11MB8281.namprd11.prod.outlook.com>
In-Reply-To: <cover.1707534069.git.doug.edk2@gmail.com>
Hi Mike,
Could you please consider taking this for the edk2-stable202402 patches? While they weren't part of the bugs reported by Quarkslab, they follow a similar pattern and expose similar vulnerabilities to the bugs reported. My recommendation would be to pull in these changes for the stable release so that we have all the known vulnerabilities fixed as a part of the release.
Thanks,
Saloni
-----Original Message-----
From: Douglas Flick [MSFT] <doug.edk2@gmail.com>
Sent: Friday, February 9, 2024 7:05 PM
To: devel@edk2.groups.io
Cc: Douglas Flick [MSFT] <doug.edk2@gmail.com>; Kasbekar, Saloni <saloni.kasbekar@intel.com>; Clark-williams, Zachary <zachary.clark-williams@intel.com>; Andrew Fish <afish@apple.com>; Leif Lindholm <quic_llindhol@quicinc.com>; Kinney, Michael D <michael.d.kinney@intel.com>
Subject: [PATCH 0/3] [edk2-stable202402] Corrects additional concern in NetworkPkg
After talking with Michael Kinney, I was advised to resend these with edk2-stable202402, and CC Stewards.
These patches are time sensitive and need reviews.
This patch series corrects an additional security concern found in Dhcp6Dxe related to CVE-2023-45229.
Additionally, this fixes some issues on the mailing list that were not pulled in before merging into Edk2.
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Doug Flick (3):
[edk2-stable202402] NetworkPkg: Dhcp6Dxe: SECURITY PATCH
CVE-2023-45229 Related Patch
[edk2-stable202402] NetworkPkg: Dhcp6Dxe: Additional Code Cleanup
[edk2-stable202402] NetworkPkg: : Updating SecurityFixes.yaml
NetworkPkg/Dhcp6Dxe/Dhcp6Io.c | 232 +++++++++++++++++------------
NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c | 20 +--
NetworkPkg/SecurityFixes.yaml | 1 +
3 files changed, 141 insertions(+), 112 deletions(-)
--
2.43.0