On 10/14/19 18:15, Laszlo Ersek wrote:
> David: another way to prevent the regression is to commit the current
> patches, but disable them with a BOOLEAN PCD, by default. (This need not
> be a feature PCD; it could even be dynamic.) Then platforms accepting
> the SAN/GEN_IP regression temporarily could enable the PCD. This
> solution would permit a separate (follow-up) series for the SAN/GEN_IP
> case. We could file a reminder BZ now, and implement the "easy" solution
> when we next rebase the openssl submodule. Would that be tolerable?

... to clarify, in this case, the upstream edk2 project should *not* claim to have fixed CVE-2019-14553, until the reminder BZ is also closed! The new BZ should actually block TianoCore#960.

Thanks
Laszlo