On 02/27/19 07:56, Wu, Hao A wrote: >> -----Original Message----- >> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of >> Laszlo Ersek >> Sent: Tuesday, February 26, 2019 7:45 PM >> To: Wu, Hao A; edk2-devel@lists.01.org >> Cc: Zeng, Star >> Subject: Re: [edk2] [PATCH v2 0/2] MdeModulePkg: Resolve buffer cross >> boundary access in Ramdisk >> >> On 02/26/19 08:45, Hao Wu wrote: >>> V2 changes: >>> >>> Correct CC list information. >>> >>> >>> V1 history: >>> >>> The series will resolve a buffer cross boundary access issue during the >>> use of RAM disks. It is the mitigation for issue CVE-2018-12180. >>> >>> Cc: Jian J Wang <jian.j.w...@intel.com> >>> Cc: Ray Ni <ray...@intel.com> >>> Cc: Star Zeng <star.z...@intel.com> >>> >>> Hao Wu (2): >>> MdeModulePkg/PartitionDxe: Ensure blocksize can hold MBR (CVE FIX) >>> MdeModulePkg/RamDiskDxe: Ramdisk size be multiple of BlkSize (CVE >> FIX) >>> >>> MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskImpl.h | 6 +++--- >>> MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c | 9 ++++++++- >>> MdeModulePkg/Universal/Disk/PartitionDxe/Mbr.c | 9 ++++++++- >>> MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskBlockIo.c | 20 >> ++++++++++++++------ >>> MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskProtocol.c | 5 +++-- >>> 5 files changed, 36 insertions(+), 13 deletions(-) >>> >> >> Please put the exact CVE numbers in the subject lines. > > Hello Laszlo and Liming, > > I totally agree the commit subject line should include the CVE number. > But I have one feedback that, if the commit is for a CVE fix, is it > possible to exempt the commit subject from 71 characters limit?
In my opinion, that is absolutely the case. > I found it can be hard to summary the commit with the Package/Module plus > the CVE number information. I agree, it is hard. But, IMO, in this case, the precise CVE reference takes priority. Thanks Laszlo _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
