-
edk2 (2020.11-4ubuntu0.1) hirsute-security; urgency=medium
* SECURITY UPDATE: Insufficient input validation in MdeModulePkg
- debian/patches/CVE-2019-11098-*.patch
- CVE-2019-11098
* SECURITY UPDATE: overflow in openssl EVP_DecryptUpdate
- debian/patches/CVE-2021-23840.patch
- CVE-2021-23840
* SECURITY UPDATE: DoS via incorrect ASN.1 string termination in openssl
- debian/patches/CVE-2021-3712-*.patch
- CVE-2021-3712
* SECURITY UPDATE: remote buffer overflow in IScsiHexToBin
- debian/patches/CVE-2021-38575-*.patch
- CVE-2021-38575
-- Marc Deslauriers <email address hidden> Fri, 17 Sep 2021 11:03:13 -0400
-
edk2 (2020.11-4) unstable; urgency=medium
* UEFI/Filesystems.py: Force "/sbin" into $PATH before calling
mkdosfs, fixing autopkgtest failures.
-- dann frazier <email address hidden> Tue, 09 Mar 2021 09:20:12 -0700
-
edk2 (2020.11-2) unstable; urgency=medium
* autopkgtest: Add allow-stderr to Restrictions to fix failure.
-- dann frazier <email address hidden> Tue, 15 Dec 2020 11:42:37 -0700
-
edk2 (2020.11-1) unstable; urgency=medium
* New upstream release, based on edk2-stable202011 tag.
* Version the build-dep on qemu-system-x86 to ensure it is new enough
to support setting smbios OEM strings on the command line. Thanks to
Christian Ehrhardt. LP: #1900846.
* Introduce ovmf-ia32 package. (Closes: #842683)
* Switch OVMF_CODE_4M images to use a 32-bit PEI phase which supports
S3 suspend. This avoids having to disable S3 in QEMU to use the
SMM-enforcing secboot variant. Non-4M images are for backwards
compatibility only, and remain with a 64-bit PEI phase. LP: #1903681.
(Closes: #973783)
* Rework autopkgtests to cover all provided images.
-- dann frazier <email address hidden> Sat, 12 Dec 2020 17:57:02 -0700
-
edk2 (2020.08-1) unstable; urgency=medium
* New upstream release, based on edk2-stable202008 tag.
* Drop patches merged upstream:
- d/p/0001-SecurityPkg-DxeImageVerificationLib-extract-SecDataD.patch
- d/p/0002-SecurityPkg-DxeImageVerificationLib-assign-WinCertif.patch
- d/p/0003-SecurityPkg-DxeImageVerificationLib-catch-alignment-.patch
* Drop patch no longer required due to upstream fixes:
- d/p/no-missing-braces.diff
* Refresh patch:
- d/p/no-stack-protector-all-archs.diff
-- dann frazier <email address hidden> Mon, 28 Sep 2020 13:40:05 -0600
-
edk2 (2020.05-5) unstable; urgency=medium
* Update snakeoil keys. Previous one expired 2019-12-01. New one
expires 2120-08-14.
-- dann frazier <email address hidden> Mon, 07 Sep 2020 13:23:29 -0600