On Wed, May 18, 2022 at 04:30:08PM +0000, Andrea zi0Black Cappa wrote: > This patch mitigates the vulnerability identified via CVE-2019-14196. > The previous patch was bypassed/ineffective, and now the vulnerability is > identified via CVE-2022-30767. The patch removes the sanity check introduced > to mitigate CVE-2019-14196 since it's ineffective. > filefh3_length is changed to unsigned type integer, preventing negative > numbers from being used during comparison with positive values during size > sanity checks. > > Signed-off-by: Andrea zi0Black Cappa <zi0bl...@protonmail.com>
Applied to u-boot/master, thanks! -- Tom
signature.asc
Description: PGP signature
