回复: [edk2-devel] [PATCH v2 RESEND 0/2] security fix: unlimited FV recursion, round 2 (DXE Core)
gaoliming
gaoliming at byosoft.com.cn
Fri Nov 20 05:30:56 UTC 2020
Laszlo:
I am OK to merge this patch and the fix in LzmaUefiDecompressGetInfo for this stable tag. After you are done, I will update the proposed feature list to include them.
In BZ, there is no CVE number. So, I want to confirm whether CVE number is required.
Thanks
Liming
> -----邮件原件-----
> 发件人: bounce+27952+67707+4905953+8761045 at groups.io
> <bounce+27952+67707+4905953+8761045 at groups.io> 代表 Laszlo Ersek
> 发送时间: 2020年11月19日 18:54
> 收件人: edk2-devel-groups-io <devel at edk2.groups.io>
> 抄送: Dandan Bi <dandan.bi at intel.com>; Hao A Wu <hao.a.wu at intel.com>;
> Jian J Wang <jian.j.wang at intel.com>; Liming Gao
> <gaoliming at byosoft.com.cn>; Philippe Mathieu-Daudé <philmd at redhat.com>
> 主题: [edk2-devel] [PATCH v2 RESEND 0/2] security fix: unlimited FV
> recursion, round 2 (DXE Core)
>
> Repo: https://pagure.io/lersek/edk2.git
> Branch: tianocore_1743_v2_resend
> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1743
>
> "RESEND" because I'm publicly posting the patches from
> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c19>.
>
> The Reviewed-by tags on the patches originate from
> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c20> and
> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c22>.
>
> Retested with Liming's reproducer; see
> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c16> and
> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c18>.
>
> This series targets edk2-stable202011. I plan to merge it later this
> week, based on Liming's R-b.
>
> Liming, highlighting TianoCore#1743 in the "proposed features" list
> could be useful.
>
> Cc: Dandan Bi <dandan.bi at intel.com>
> Cc: Hao A Wu <hao.a.wu at intel.com>
> Cc: Jian J Wang <jian.j.wang at intel.com>
> Cc: Liming Gao <gaoliming at byosoft.com.cn>
> Cc: Philippe Mathieu-Daudé <philmd at redhat.com>
>
> Thanks!
> Laszlo
>
> Laszlo Ersek (2):
> MdeModulePkg/Core/Dxe: assert SectionInstance invariant in
> FindChildNode()
> MdeModulePkg/Core/Dxe: limit FwVol encapsulation section recursion
>
> MdeModulePkg/MdeModulePkg.dec
> | 6 +++
> MdeModulePkg/MdeModulePkg.uni
> | 6 +++
> MdeModulePkg/Core/Dxe/DxeMain.inf
> | 1 +
> MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c | 52
> +++++++++++++++++---
> 4 files changed, 59 insertions(+), 6 deletions(-)
>
> --
> 2.19.1.3.g30247aa5d201
>
>
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#67742): https://edk2.groups.io/g/devel/message/67742
Mute This Topic: https://groups.io/mt/78383549/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list