On 03/08/19 07:41, Gao, Liming wrote:
> This is to fix the security issue. I agree it is an important bug fix. I am OK 
> to push it for edk2-stable201903 tag.

Me too.

If we had stable *branches* (as opposed to just stable tags), then we
wouldn't have to delay the stable tag (the release) -- we'd just apply
the CVE fix to both the master branch (*after* the stable tag) and on
the stable branch too. But our development workflow isn't there yet, so
I guess we can delay the stable tag a bit more. I suggest updating the
date in
<https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Release-Planning#edk2-stable201903-tag-planning>.

Thanks!
Laszlo

>> -----Original Message-----
>> From: Wang, Jian J
>> Sent: Thursday, March 7, 2019 7:17 PM
>> To: Ni, Ray <ray...@intel.com>; edk2-devel@lists.01.org
>> Cc: Cetola, Stephano <stephano.cet...@intel.com>; Gao, Liming 
>> <liming....@intel.com>
>> Subject: RE: [edk2] [PATCH v2 0/2] Fix bugs in HiiDatabase driver
>>
>> Hi all,
>>
>> This is a very important fix for this issue. If no objection, I'd like the 
>> patch to be part of this stable tag.
>>
>>
>> As to this patch series,
>>
>>     Reviewed-by: Jian J Wang <jian.j.w...@intel.com>
>>
>>
>>> -----Original Message-----
>>> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Ray 
>>> Ni
>>> Sent: Friday, March 08, 2019 10:35 AM
>>> To: edk2-devel@lists.01.org
>>> Subject: [edk2] [PATCH v2 0/2] Fix bugs in HiiDatabase driver
>>>
>>> v2: put the CVE number in patch title.
>>>
>>> Ray Ni (2):
>>>   MdeModulePkg/HiiDatabase: Fix potential integer overflow
>>>     (CVE-2018-12181)
>>>   MdeModulePkg/HiiImage: Fix stack overflow when corrupted BMP is parsed
>>>     (CVE-2018-12181)
>>>
>>>  MdeModulePkg/Universal/HiiDatabaseDxe/Image.c | 130 ++++++++++++++----
>>>  1 file changed, 105 insertions(+), 25 deletions(-)
>>>
>>> --
>>> 2.20.1.windows.1
>>>
>>> _______________________________________________
>>> edk2-devel mailing list
>>> edk2-devel@lists.01.org
>>> https://lists.01.org/mailman/listinfo/edk2-devel
