Hi Liming, On 10/22/18 17:18, Liming Gao wrote: > In V2, update commit message with fixed CVE number. > > Fix CVE-2017-5731,CVE-2017-5732,CVE-2017-5733,CVE-2017-5734,CVE-2017-5735 > https://bugzilla.tianocore.org/show_bug.cgi?id=686 > > Liming Gao (3): > MdePkg: Add more checker in UefiDecompressLib to access the valid > buffer only(CVE FIX) > IntelFrameworkModulePkg: Add more checker in > UefiTianoDecompressLib(CVE FIX) > BaseTools: Add more checker in Decompress algorithm to access the > valid buffer(CVE FIX) > > BaseTools/Source/C/Common/Decompress.c | 23 +++++++++++++++++-- > BaseTools/Source/C/TianoCompress/TianoCompress.c | 26 > +++++++++++++++++++++- > .../BaseUefiTianoCustomDecompressLib.c | 16 +++++++++++-- > .../BaseUefiDecompressLib/BaseUefiDecompressLib.c | 17 ++++++++++++-- > 4 files changed, 75 insertions(+), 7 deletions(-) >
in the subject lines, please add a space character before the string "(CVE FIX)". This can be done before pushing, of course. I haven't reviewed the patches for correctness, but formally, they look OK to me. I'm ACKing the set to confirm that. Thanks for the commit message updates. Acked-by: Laszlo Ersek <ler...@redhat.com> Laszlo _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel