Accepted edk2 2025.02-8 (source) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted edk2 2025.02-8 (source) into unstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Tue, 13 May 2025 02:45:10 +0000
Message-id: <[🔎] E1uEfdm-0082oE-M6@fasolo.debian.org>
Mail-followup-to: debian-devel@lists.debian.org
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 12 May 2025 20:18:11 -0600
Source: edk2
Architecture: source
Version: 2025.02-8
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: dann frazier <dannf@debian.org>
Closes: 1102519 1103906
Changes:
 edk2 (2025.02-8) unstable; urgency=medium
 .
   * ovmf, ovmf-ia32, qemu-efi-aarch64: Uninstall the EFI_MEMORY_ATTRIBUTE
     protocol by default in the *.secboot.fd variants to avoid boot crashes
     with incompatible guest operating systems. This is to give virtual
     machine managers like libvirt and incus a release cycle to determine how
     to handle these guests. Add new *.secboot.strictnx.fd variants that users
     can opt-in to to benefit from NX security features. EFI_MEMORY_ATTRIBUTE
     support will be restored for all *.secboot.fd images at the start of
     the next devel cycle, at which point *.secboot.strictnx.fd will become
     symlink aliases. Note this in NEWS.Debian and README.Debian files.
     (Closes: #1103906).
   * Fix out-of-bounds read in HashPeImageByType(), CVE-2024-38797.
     (Closes: #1102519):
     - d/p/0001-SecurityPkg-Out-of-bound-read-in-HashPeImageByType.patch
     - d/p/0002-SecurityPkg-Improving-HashPeImageByType-logic.patch
     - d/p/0003-SecurityPkg-Improving-SecureBootConfigImpl-HashPeIma.patch
     - d/p/0004-SecurityPkg-Update-SecurityFixes.yaml-for-CVE-2024-3.patch
Checksums-Sha1:
 691ad9dae9c4f38a2b1323d4e96309170936b0cc 2551 edk2_2025.02-8.dsc
 6228f4da544a9036f2f65f35e1c651fecb7f96c3 50944 edk2_2025.02-8.debian.tar.xz
 be394e61d4fdfccaf952c2cbf2f0999a2ae6f576 11690 edk2_2025.02-8_source.buildinfo
Checksums-Sha256:
 890b781c03b92aa316cd08aebebb34981057df404f9ffcdd22fac26c15c33ba0 2551 edk2_2025.02-8.dsc
 1b3fdc9b557ed3e040f3a68aef13817c266ce11a010db3e8d371d3c1092a4e5f 50944 edk2_2025.02-8.debian.tar.xz
 f833eb256b8da4c02d421f029350a0c06210f0b4f204474dc8c744fdac36f33a 11690 edk2_2025.02-8_source.buildinfo
Files:
 13feed63d20882df46bde482d9b4a096 2551 misc optional edk2_2025.02-8.dsc
 ba761096bec85e6c9598aacfd16c812d 50944 misc optional edk2_2025.02-8.debian.tar.xz
 1cfbe6ba50a774d2cf1594c7e84409d9 11690 misc optional edk2_2025.02-8_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iIcEARYKAC8WIQQoGlxLiiPDxHQh9i5UW4ZA9GI6WAUCaCKsJhEcZGFubmZAZGVi
aWFuLm9yZwAKCRBUW4ZA9GI6WBLOAP9YvlgAoIQW1+kxkYkZ1Odciet2BJeWL6JH
dMqJ1/OAOwEAvAVPbMb6Q9LnARB2izg0FTIPrTTKoHYsvXsVZztlRAM=
=2Djz
-----END PGP SIGNATURE-----

Attachment: pgp0Ze0IhfCTz.pgp
Description: PGP signature

Reply to:

Prev by Date: Accepted curl 8.14.0~rc2-1+exp1 (source) into experimental
Next by Date: Accepted redis 5:8.0.0-2 (source) into unstable
Previous by thread: Accepted curl 8.14.0~rc2-1+exp1 (source) into experimental
Next by thread: Accepted redis 5:8.0.0-2 (source) into unstable
Index(es):
- Date
- Thread