Chao, If you would like to reference the USRT's Mantis ticket, Dick Wilkins created Mantis ticket 1604.
[USRT 0001604]: Bug found in SecuritPkg: DxeImageVerificationLib Thanks, Kevin 戴連輝 US mobile: +1 (503) 610-8080 US office: +1 (971) 222-3939 Taiwan mobile: +886-9-7071-9364 -----Original Message----- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Kevin Davis Sent: Thursday, April 14, 2016 4:09 PM To: Peter Jones <pjo...@redhat.com>; Zhang, Chao B <chao.b.zh...@intel.com> Cc: edk2-de...@ml01.01.org; Laszlo Ersek <ler...@redhat.com>; Long, Qin <qin.l...@intel.com> Subject: Re: [edk2] [PATCH] SecuritPkg: DxeImageVerificationLib: Fix wrong verification logic in DBX & DBT I agree with Peter. I just pinged the USRT about this. We can create a Mantis ticket for it and Chao can modify the Patch. Thanks, Kevin 戴連輝 US mobile: +1 (503) 610-8080 US office: +1 (971) 222-3939 Taiwan mobile: +886-9-7071-9364 -----Original Message----- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Peter Jones Sent: Thursday, April 14, 2016 1:31 PM To: Zhang, Chao B <chao.b.zh...@intel.com> Cc: edk2-de...@ml01.01.org; Laszlo Ersek <ler...@redhat.com>; Long, Qin <qin.l...@intel.com> Subject: Re: [edk2] [PATCH] SecuritPkg: DxeImageVerificationLib: Fix wrong verification logic in DBX & DBT On Thu, Apr 14, 2016 at 01:10:02AM +0000, Zhang, Chao B wrote: > Laszlo: > There is no CVE number. The issue was exposed during internal code > review. The code has been existing since 11/4/2014. So... why not? This is exactly the sort of issue that needs proper tracking. -- Peter _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
