Re: [edk2] CVE-2018-3613 [was: MdeModulePkg Variable: Fix Timestamp zeroing issue on APPEND_WRITE]

2018-10-19 Thread Laszlo Ersek
On 10/19/18 09:09, Zeng, Star wrote: > Hi Laszlo, > > Cc Qin also. Qin and Chao are secure boot experts, I also had some talk > with them. > > On 2018/10/19 5:45, Laszlo Ersek wrote: >> Hi All, >> >> On 10/16/18 04:41, Star Zeng wrote: >>> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=415

Re: [edk2] CVE-2018-3613 [was: MdeModulePkg Variable: Fix Timestamp zeroing issue on APPEND_WRITE]

2018-10-19 Thread Zeng, Star
Hi Laszlo, Cc Qin also. Qin and Chao are secure boot experts, I also had some talk with them. On 2018/10/19 5:45, Laszlo Ersek wrote: Hi All, On 10/16/18 04:41, Star Zeng wrote: REF: https://bugzilla.tianocore.org/show_bug.cgi?id=415 When SetVariable() to a time based auth variable with

Re: [edk2] CVE-2018-3613 [was: MdeModulePkg Variable: Fix Timestamp zeroing issue on APPEND_WRITE]

2018-10-18 Thread Laszlo Ersek
Hi All, On 10/16/18 04:41, Star Zeng wrote: > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=415 > > When SetVariable() to a time based auth variable with APPEND_WRITE > attribute, and if the EFI_VARIABLE_AUTHENTICATION_2.TimeStamp in > the input Data is earlier than current value, it will

Re: [edk2] CVE-2018-3613 [was: MdeModulePkg Variable: Fix Timestamp zeroing issue on APPEND_WRITE]

2018-10-18 Thread Laszlo Ersek
On 10/18/18 15:43, Zeng, Star wrote: > Hi Laszlo, > > On 2018/10/18 21:09, Laszlo Ersek wrote: >> On a tangent: >> >> On 10/18/18 04:45, Zeng, Star wrote: >>> On 2018/10/18 2:27, Laszlo Ersek wrote: >> >>

Re: [edk2] CVE-2018-3613 [was: MdeModulePkg Variable: Fix Timestamp zeroing issue on APPEND_WRITE]

2018-10-18 Thread Zeng, Star
Hi Laszlo, On 2018/10/18 21:09, Laszlo Ersek wrote: On a tangent: On 10/18/18 04:45, Zeng, Star wrote: On 2018/10/18 2:27, Laszlo Ersek wrote: http://mid.mail-archive.com/e62f7104-e341-6c7f-1af5-2130f161f111@redhat.com Sorry, I could not

Re: [edk2] CVE-2018-3613 [was: MdeModulePkg Variable: Fix Timestamp zeroing issue on APPEND_WRITE]

2018-10-18 Thread Laszlo Ersek
On a tangent: On 10/18/18 04:45, Zeng, Star wrote: > On 2018/10/18 2:27, Laszlo Ersek wrote: http://mid.mail-archive.com/e62f7104-e341-6c7f-1af5-2130f161f111@redhat.com >>> Sorry, I could not access it. >> >> I'm unsure if you mean that you

Re: [edk2] CVE-2018-3613 [was: MdeModulePkg Variable: Fix Timestamp zeroing issue on APPEND_WRITE]

2018-10-17 Thread Zeng, Star
Hi Laszlo, On 2018/10/18 2:27, Laszlo Ersek wrote: +Stephano On 10/17/18 16:58, Zeng, Star wrote: On 2018/10/17 21:10, Laszlo Ersek wrote: I have requested earlier [1], and now I'm doing so again, that CVE fixes please all mention the CVE number in the *subject line*. When people look at

Re: [edk2] CVE-2018-3613 [was: MdeModulePkg Variable: Fix Timestamp zeroing issue on APPEND_WRITE]

2018-10-17 Thread Laszlo Ersek
+Stephano On 10/17/18 16:58, Zeng, Star wrote: > On 2018/10/17 21:10, Laszlo Ersek wrote: >> I have requested earlier [1], and now I'm doing so again, that CVE fixes >> please all mention the CVE number in the *subject line*. When people >> look at the commit log, or even just patch traffic on

Re: [edk2] CVE-2018-3613 [was: MdeModulePkg Variable: Fix Timestamp zeroing issue on APPEND_WRITE]

2018-10-17 Thread Zeng, Star
Hi Laszlo, On 2018/10/17 21:10, Laszlo Ersek wrote: Hi Star, On 10/16/18 04:41, Star Zeng wrote: REF: https://bugzilla.tianocore.org/show_bug.cgi?id=415 When SetVariable() to a time based auth variable with APPEND_WRITE attribute, and if the EFI_VARIABLE_AUTHENTICATION_2.TimeStamp in the

[edk2] CVE-2018-3613 [was: MdeModulePkg Variable: Fix Timestamp zeroing issue on APPEND_WRITE]

2018-10-17 Thread Laszlo Ersek
Hi Star, On 10/16/18 04:41, Star Zeng wrote: > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=415 > > When SetVariable() to a time based auth variable with APPEND_WRITE > attribute, and if the EFI_VARIABLE_AUTHENTICATION_2.TimeStamp in > the input Data is earlier than current value, it will