Your message dated Sat, 14 Mar 2020 00:35:17 +0000
with message-id <[email protected]>
and subject line Bug#952934: fixed in edk2 0~20200229.4c0f6e34-1
has caused the Debian Bug report #952934,
regarding CVE-2019-14563
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
952934: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952934
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: edk2
Severity: important
Tags: security
This was assigned CVE-2019-14563:
https://bugzilla.tianocore.org/show_bug.cgi?id=2001
Patch:
https://github.com/tianocore/edk2/commit/322ac05f8bbc1bce066af1dabd1b70ccdbe28891
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: edk2
Source-Version: 0~20200229.4c0f6e34-1
Done: dann frazier <[email protected]>
We believe that the bug you reported is fixed in the latest version of
edk2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
dann frazier <[email protected]> (supplier of updated edk2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 13 Mar 2020 16:05:49 -0600
Source: edk2
Architecture: source
Version: 0~20200229.4c0f6e34-1
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <[email protected]>
Changed-By: dann frazier <[email protected]>
Closes: 952926 952934 952935
Changes:
 edk2 (0~20200229.4c0f6e34-1) unstable; urgency=medium
 .
   * New upstream release, based on edk2-stable202002 tag.
     - Fix numeric truncation in S3BootScript[Save]*() API. (CVE-2019-14563)
       (Closes: #952934)
     - Fix use-after-free in PcdHiiOsRuntimeSupport. (CVE-2019-14586)
     - Clear memory before free to avoid potential password leak.
       (CVE-2019-14558)
     - Fix double-unmap in SdMmcCreateTrb(). This did not impact any
       of the images built from this package. (CVE-2019-14587)
     - Fix memory leak in ArpOnFrameRcvdDpc(). (CVE-2019-14559)
     - Fix issue that could allow an efi image with a blacklisted hash in the
       dbx to be loaded. (CVE-2019-14575) (Closes: #952935)
     - Fix a memory leak in the ARP handler. (CVE-2019-14559) (Closes: #952926)
     - Refresh patches:
       + debian/patches/no-missing-braces.diff
       + debian/patches/no-stack-protector-all-archs.diff
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---