Yes. I recommend to merge to stable202008.
> -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Laszlo Ersek > Sent: Wednesday, September 2, 2020 2:35 PM > To: devel@edk2.groups.io; Yao, Jiewen <jiewen....@intel.com> > Cc: Wang, Jian J <jian.j.w...@intel.com>; Xu, Min M <min.m...@intel.com>; > Wenyi Xie <xiewen...@huawei.com>; Philippe Mathieu-Daudé > <phi...@redhat.com>; Liming Gao (Byosoft address) > <gaolim...@byosoft.com.cn> > Subject: Re: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib: > catch alignment overflow (CVE-2019-14562) > > (+Liming, +Phil) > > On 09/02/20 06:02, Yao, Jiewen wrote: > > The series (1~3) is reviewed-by: Jiewen Yao <jiewen....@intel.com> > > Thank you Everyone for the reviews and testing. > > Jiewen: do you think we should merge this series into the master branch > before edk2-stable202008? I think it qualifies (it is a CVE fix), but I > would like *you* to decide about it. > > Thanks > Laszlo > > > > > Thank you > > Yao Jiewen > > > >> -----Original Message----- > >> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Laszlo > Ersek > >> Sent: Tuesday, September 1, 2020 5:12 PM > >> To: edk2-devel-groups-io <devel@edk2.groups.io> > >> Cc: Wang, Jian J <jian.j.w...@intel.com>; Yao, Jiewen > <jiewen....@intel.com>; > >> Xu, Min M <min.m...@intel.com>; Wenyi Xie <xiewen...@huawei.com> > >> Subject: [edk2-devel] [PATCH 0/3] SecurityPkg/DxeImageVerificationLib: > catch > >> alignment overflow (CVE-2019-14562) > >> > >> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2215 > >> Repo: https://pagure.io/lersek/edk2.git > >> Branch: tianocore_2215 > >> > >> I'm neutral on whether this becomes part of edk2-stable202008. > >> > >> Cc: Jian J Wang <jian.j.w...@intel.com> > >> Cc: Jiewen Yao <jiewen....@intel.com> > >> Cc: Min Xu <min.m...@intel.com> > >> Cc: Wenyi Xie <xiewen...@huawei.com> > >> > >> Thanks, > >> Laszlo > >> > >> Laszlo Ersek (3): > >> SecurityPkg/DxeImageVerificationLib: extract SecDataDirEnd, > >> SecDataDirLeft > >> SecurityPkg/DxeImageVerificationLib: assign WinCertificate after size > >> check > >> SecurityPkg/DxeImageVerificationLib: catch alignment overflow > >> (CVE-2019-14562) > >> > >> SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 16 > >> ++++++++++++---- > >> 1 file changed, 12 insertions(+), 4 deletions(-) > >> > >> -- > >> 2.19.1.3.g30247aa5d201 > >> > >> > >> > > > > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#64946): https://edk2.groups.io/g/devel/message/64946 Mute This Topic: https://groups.io/mt/76552538/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-