Doug:

  Thanks for your clarification. For the changes in MdePkg and EmulatorPkg, I 
have no comments. Reviewed-by: Liming Gao <[email protected]>

 

Thanks

Liming

From: Doug Flick via groups.io <[email protected]> 
Sent: May 10, 2024 2:26
To: gaoliming <[email protected]>; [email protected]
Subject: Re: [edk2-devel] Re: [edk2-devel][edk2-stable202405] [PATCH v2 00/13] 
NetworkPkg: CVE-2023-45236 and CVE-2023-45237

 

From the two CVE patches there should be no functional differences to a 
platform, assuming the platform provides them with an RNG implementation and 
HASH2 implementation.

The "NetworkPkg:: SECURITY PATCH CVE-2023-45237" change simply gets its 
random numbers from outside of the NetworkPkg and makes it a platform decision. 
The "NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236" changes how the TCP ISN 
number is generated and puts the platform in compliance with the relevant 
specification.

There is a functional change with "SecurityPkg: RngDxe: Remove incorrect 
limitation on GetRng" as this will now allow a caller to call less than 32 
bytes.

The other changes are unit tests and platform integration changes.


