-
edk2 (2020.05-5ubuntu0.2) groovy-security; urgency=medium
* SECURITY UPDATE: unlimited FV recursion
  - debian/patches/CVE-2021-28210-1.patch: assert SectionInstance
    invariant in FindChildNode() in
    MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c.
  - debian/patches/CVE-2021-28210-2.patch: limit FwVol encapsulation
    section recursion in MdeModulePkg/Core/Dxe/DxeMain.inf,
    MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c,
    MdeModulePkg/MdeModulePkg.dec, MdeModulePkg/MdeModulePkg.uni.
  - CVE-2021-28210
* SECURITY UPDATE: possible heap corruption in LzmaUefiDecompressGetInfo
  - debian/patches/CVE-2021-28211.patch: catch 4GB+ uncompressed
    buffer sizes in
    MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompress.c,
    MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompressLibInternal.h.
  - CVE-2021-28211
-- Marc Deslauriers <email address hidden> Mon, 12 Apr 2021 08:12:17 -0400
-
edk2 (2020.05-5ubuntu0.1) groovy-security; urgency=medium
* CryptoPkg/BaseCryptLib: fix NULL dereference (CVE-2019-14584)
-- dann frazier <email address hidden> Tue, 05 Jan 2021 16:31:45 -0700
-
edk2 (2020.05-5) unstable; urgency=medium
* Update snakeoil keys. Previous one expired 2019-12-01. New one
  expires 2120-08-14.
-- dann frazier <email address hidden> Mon, 07 Sep 2020 13:23:29 -0600
-
edk2 (2020.05-4) unstable; urgency=medium
* Fix integer overflow in DxeImageVerificationHandler. (CVE-2019-14562)
  (Closes: #968819)
  - d/p/0001-SecurityPkg-DxeImageVerificationLib-extract-SecDataD.patch
  - d/p/0002-SecurityPkg-DxeImageVerificationLib-assign-WinCertif.patch
  - d/p/0003-SecurityPkg-DxeImageVerificationLib-catch-alignment-.patch
* Re-enable TPM support, which was accidentally disabled due to an
  upstream build flag rename in 2020.05-1. LP: #1890646.
-- dann frazier <email address hidden> Wed, 02 Sep 2020 10:26:10 -0600
-
edk2 (2020.05-3ubuntu1) groovy; urgency=medium
* Enable TPM support (renamed from TPM2). LP: #1890646
-- Dimitri John Ledkov <email address hidden> Tue, 01 Sep 2020 11:17:54 +0100
-
edk2 (2020.05-3) unstable; urgency=medium
* Provide 4MB OVMF images as the existing 2MB images no longer
  have sufficient variable space for the current Secure Boot Forbidden
  Signature Database. LP: #1885662.
* Update fw descriptors to reference 4M images instead of their 2M
  counterparts. This will migrate tools that use the descriptor interface
  (like libvirt) over to the 4M images when creating new VMs. Existing 2M
  VMs will require manual migration.
* Add a 4M snakeoil variable template and drop the 2M version. This will
  break existing snakeoil VMs, but that should be OK for a test/devel
  facility.
* Increase autopkgtest timeout from 30s to 60s. LP: #1885186.
-- dann frazier <email address hidden> Wed, 05 Aug 2020 18:33:22 -0600
-
edk2 (2020.05-2ubuntu1) groovy; urgency=medium
* Increase autopkgtest timeout from 30s to 60s. LP: #1885186.
-- dann frazier <email address hidden> Thu, 25 Jun 2020 16:17:15 -0600
-
edk2 (2020.05-2) unstable; urgency=medium
* Enable https boot support, thanks to Dimitri John Ledkov. LP: #1883114.
-- dann frazier <email address hidden> Thu, 11 Jun 2020 08:40:31 -0600
-
edk2 (2020.05-1ubuntu1) groovy; urgency=medium
* Enable https support. (LP: #1883114)
-- Dimitri John Ledkov <email address hidden> Thu, 11 Jun 2020 15:30:43 +0100
-
edk2 (2020.05-1) unstable; urgency=medium
* New upstream release, based on edk2-stable202005 tag.
-- dann frazier <email address hidden> Wed, 03 Jun 2020 15:39:40 -0600
-
edk2 (0.0~20200229-2) unstable; urgency=medium
* Actually install the new "ms" descriptor.
-- dann frazier <email address hidden> Sat, 11 Apr 2020 09:17:23 -0600
-
edk2 (0~20191122.bd85bf54-2ubuntu3) focal; urgency=medium
* Actually install the new "ms" descriptor.
-- dann frazier <email address hidden> Sat, 11 Apr 2020 10:19:44 -0600