Accepted edk2 0~20200229.4c0f6e34-1 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 13 Mar 2020 16:05:49 -0600
Source: edk2
Architecture: source
Version: 0~20200229.4c0f6e34-1
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: dann frazier <dannf@debian.org>
Closes: 952926 952934 952935
Changes:
edk2 (0~20200229.4c0f6e34-1) unstable; urgency=medium
.
* New upstream release, based on edk2-stable202002 tag.
- Fix numeric truncation in S3BootScript[Save]*() API. (CVE-2019-14563)
(Closes: #952934)
- Fix use-after-free in PcdHiiOsRuntimeSupport. (CVE-2019-14586)
- Clear memory before free to avoid potential password leak.
(CVE-2019-14558)
- Fix double-unmap in SdMmcCreateTrb(). This did not impact any
of the images built from this package. (CVE-2019-14587)
- Fix memory leak in ArpOnFrameRcvdDpc(). (CVE-2019-14559)
- Fix issue that could allow an efi image with a blacklisted hash in the
dbx to be loaded. (CVE-2019-14575) (Closes: #952935)
- Fix a memory leak in the ARP handler. (CVE-2019-14559) (Closes: #952926)
- Refresh patches:
+ debian/patches/no-missing-braces.diff
+ debian/patches/no-stack-protector-all-archs.diff
Checksums-Sha1:
0e8b309a9fcb30c46fbf1f4e087a4f278393762b 2848 edk2_0~20200229.4c0f6e34-1.dsc
4018a25d8b3e3d11ecc87270773f1d543f099ba8 7077 edk2_0~20200229.4c0f6e34.orig-qemu-ovmf-secureboot-1-1-3.tar.gz
08cf0be7ac9cfa848879cbb6110cbf98694b9dbd 14566856 edk2_0~20200229.4c0f6e34.orig.tar.xz
e4b44f955b84189555c4771bf63cee7a278c7aff 28948 edk2_0~20200229.4c0f6e34-1.debian.tar.xz
1a47bca3bf10152a0f77d09c23cadaa4cbe806f7 10345 edk2_0~20200229.4c0f6e34-1_source.buildinfo
Checksums-Sha256:
99f222df6922df42b1f489d6b77847379b9076eb117688fee36cb40b9c397b75 2848 edk2_0~20200229.4c0f6e34-1.dsc
f0874d37e5d0a72c27d5f717cb161fd48d252f26bfaf74ebc5761e36b3992363 7077 edk2_0~20200229.4c0f6e34.orig-qemu-ovmf-secureboot-1-1-3.tar.gz
703ff624eaf2bf282e5a926c72345edcb5345de4d6f48f379c29d8a89678cc54 14566856 edk2_0~20200229.4c0f6e34.orig.tar.xz
a6dcf49322210e1311448cacaf9acc2023db65d5e0748b3bd99b505052648881 28948 edk2_0~20200229.4c0f6e34-1.debian.tar.xz
1489833ebea1fe6f8acf5229f7db247fccb2824a8012c1b8ab1f0731500d2c42 10345 edk2_0~20200229.4c0f6e34-1_source.buildinfo
Files:
f3cd08ee6723e1edaca5b6863127e526 2848 misc optional edk2_0~20200229.4c0f6e34-1.dsc
a29d393bad8ee2dd6acac99ebb116e86 7077 misc optional edk2_0~20200229.4c0f6e34.orig-qemu-ovmf-secureboot-1-1-3.tar.gz
488a185064158faed8b41c2a70e62a3d 14566856 misc optional edk2_0~20200229.4c0f6e34.orig.tar.xz
59f9d8630c5115e9d3ea2754b2c21627 28948 misc optional edk2_0~20200229.4c0f6e34-1.debian.tar.xz
e7418dbe530569b63c824befc89b4947 10345 misc optional edk2_0~20200229.4c0f6e34-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEECfR9vy0y7twkQ+vuG/g8XlT8hkAFAl5sIkQRHGRhbm5mQGRl
Ymlhbi5vcmcACgkQG/g8XlT8hkCc/w/+OewKD/LvYpsQmJqzZiaj0uQHoXcmESun
GwPxCQ3xZsZ4/bJAvaiCEF+DaECdh3fP4TJLcOrEOf7XHVRowS5hTVvcBTKBrGJu
z5oy9GDF/lS+5Ru1jU5GthP9KDeJKQJbgtnbul0zh0LAqIPk9nyj8JeEkOpAhDKN
5bskxE22zh68YqwUHhPOnelRSHE1/yjv3nWZk+LRvGFuMJVj4Bb2pVsTLglivAvP
6obPTo9EcVzRYae0fFhoy3IYc2LwEK5RAfoZjsG8GIn9RMQG6IHXQL8TkP1RTco/
s/4kV0wpeahCS1TvofOH+6riObbaGFiPkK9R7XEe6oM7CM6WWtjHrNt0BQzqU66E
1MjCsTbJeQbxeJJGJrVKfY9FqNZpAivPORyElGYu0bgUAzsl/n+1AJvkOa0Hz69o
ASlIbJgkAUsMQ78MoYrEJtYfs+FsN8gLVrp9kcGfxKWFOLnW3TdQt6ODfNJwDkYs
GPzMKdNOdsQa/wMFCaJhUysqBhZDm/IsY2b7oRONRaMkq3eyRWuAmpsSAFFSYwJu
Gpf+m1VtsM81SKl2y698ISGN52SEBDAyVdhVwWfUkZKBkux/X0ciqIUfC64QhW97
dSzBPyje1icm0dGuNttCSNGFfNCLmcCY19mHVnEGcStR0tPkI9OV/gRnf6pJfmff
3wygKkpig74=
=pEnn
-----END PGP SIGNATURE-----
Reply to: