On 02/14/20 08:27, Wang, Jian J wrote:
>> v2 changes:
>>   - Change IsCertHashFoundInDatabase to IsCertHashFoundInDbx (patch 10)
>>   - Update result handling to all calling to IsCertHashFoundInDatabase
>>     to be consistent (patch 6)
>>   - Fix commit message and title length issue caught by PatchCheck tool
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608
> Patch branch:
> https://github.com/jwang36/edk2/tree/fix-bz1608-bypass-blacklist-check-via-signature-v2
>
> Cc: Jiewen Yao <jiewen....@intel.com>
> Cc: Chao Zhang <chao.b.zh...@intel.com>
>
> Jian J Wang (9):
>   SecurityPkg/DxeImageVerificationLib: Fix memory leaks(CVE-2019-14575)
>   SecurityPkg/DxeImageVerificationLib: reject CertStack.CertNumber==0
>     per DBX(CVE-2019-14575)
>   SecurityPkg/DxeImageVerificationLib: fix wrong fetch dbx in
>     IsAllowedByDb(CVE-2019-14575)
>   SecurityPkg/DxeImageVerificationLib: avoid bypass in fetching
>     dbx(CVE-2019-14575)
>   SecurityPkg/DxeImageVerificationLib: refactor db/dbx fetching
>     code(CVE-2019-14575)
>   SecurityPkg/DxeImageVerificationLib: Differentiate error/search result
>     (1)(CVE-2019-14575)
>   SecurityPkg/DxeImageVerificationLib: tighten default
>     result(CVE-2019-14575)
>   SecurityPkg/DxeImageVerificationLib: Differentiate error/search result
>     (2)(CVE-2019-14575)
>   SecurityPkg/DxeImageVerificationLib: change IsCertHashFoundInDatabase
>     name(CVE-2019-14575)
>
> Laszlo Ersek (1):
>   SecurityPkg/DxeImageVerificationLib: plug Data leak in
>     IsForbiddenByDbx()(CVE-2019-14575)
>
>  .../DxeImageVerificationLib.c | 291 ++++++++++++------
>  1 file changed, 198 insertions(+), 93 deletions(-)
>

Please put a space character in all the subject lines before the
"(CVE-2019-14575)" part.

Thanks
Laszlo