On Tue, Jan 23, 2024 at 07:33:25PM -0800, Doug Flick via groups.io wrote: > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4535 > > SECURITY PATCH - Unit Tests > > TCBZ4535 > CVE-2023-45230 > CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H > CWE-119 Improper Restriction of Operations within the Bounds > of a Memory Buffer
I don't think this is needed here, this patch doesn't fix CVE-2023-45230 after all. A description of what the tests are checking would be more useful. > diff --git a/NetworkPkg/NetworkPkg.ci.yaml b/NetworkPkg/NetworkPkg.ci.yaml > index 07dc7abd6938..0060f7a2cb8f 100644 > --- a/NetworkPkg/NetworkPkg.ci.yaml > +++ b/NetworkPkg/NetworkPkg.ci.yaml > @@ -7,73 +7,65 @@ > # SPDX-License-Identifier: BSD-2-Clause-Patent > ## > { > - "LicenseCheck": { > - "IgnoreFiles": [] > - }, > + "LicenseCheck": { "IgnoreFiles": [] }, I guess this patch hooks the unit tests into CI. The whitespace changes make changes file hard to read though. Two options to deal with that: (1) avoid to reformat the file, or (2) split the patch into two, one with only the whitespace changes and one with the functional change. thanks & take care, Gerd -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#114276): https://edk2.groups.io/g/devel/message/114276 Mute This Topic: https://groups.io/mt/103926732/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-