On Tue, Jan 23, 2024 at 07:33:25PM -0800, Doug Flick via groups.io wrote:
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4535
> 
> SECURITY PATCH - Unit Tests
> 
> TCBZ4535
> CVE-2023-45230
> CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
> CWE-119 Improper Restriction of Operations within the Bounds
>  of a Memory Buffer

I don't think this is needed here, this patch doesn't fix CVE-2023-45230
after all.  A description of what the tests are checking would be more
useful.

> diff --git a/NetworkPkg/NetworkPkg.ci.yaml b/NetworkPkg/NetworkPkg.ci.yaml
> index 07dc7abd6938..0060f7a2cb8f 100644
> --- a/NetworkPkg/NetworkPkg.ci.yaml
> +++ b/NetworkPkg/NetworkPkg.ci.yaml
> @@ -7,73 +7,65 @@
>  # SPDX-License-Identifier: BSD-2-Clause-Patent
>  ##
>  {
> -    "LicenseCheck": {
> -        "IgnoreFiles": []
> -    },
> +    "LicenseCheck": { "IgnoreFiles": [] },
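
Review bot: The `LicenseCheck` entry at the top of this hunk is only collapsed from three lines onto one, with the same key and the same empty `IgnoreFiles` list, so it is a formatting-only change. The hunk header (`-7,73 +7,65`) shows the hunk spans 73 lines of the old file, and reformatting of this kind makes any functional change in the rest of the hunk harder to spot in review. Suggest keeping the original three-line form here and restricting the hunk to the lines whose content changes.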

I guess this patch hooks the unit tests into CI.  The whitespace changes
make the changes to the file hard to read though.  Two options to deal with that:

  (1) avoid reformatting the file, or
  (2) split the patch into two, one with only the whitespace changes
      and one with the functional change.

thanks & take care,
  Gerd


