-
edk2 (0~20160408.ffea0a2c-2ubuntu0.2) xenial-security; urgency=medium
* Fix integer overflow in DxeImageVerificationHandler. (CVE-2019-14562)
* CryptoPkg/BaseCryptLib: fix NULL dereference. (CVE-2019-14584)
-- dann frazier <email address hidden> Tue, 15 Dec 2020 16:38:25 -0700
-
edk2 (0~20160408.ffea0a2c-2ubuntu0.1) xenial; urgency=medium
* Security fixes (LP: #1820764):
- Fix buffer overflow in BlockIo service (CVE-2018-12180)
- DNS: Check received packet size before using (CVE-2018-12178)
- Fix stack overflow with corrupted BMP (CVE-2018-12181)
* Fix numeric truncation in S3BootScript[Save]*() API. (CVE-2019-14563)
* Fix use-after-free in PcdHiiOsRuntimeSupport. (CVE-2019-14586)
* Clear memory before free to avoid potential password leak.
(CVE-2019-14558)
* Fix double-unmap in SdMmcCreateTrb(). This did not impact any
of the images built from this package. (CVE-2019-14587)
* Fix memory leak in ArpOnFrameRcvdDpc(). (CVE-2019-14559)
* Fix issue that could allow an efi image with a blacklisted hash in the
dbx to be loaded. (CVE-2019-14575)
* Fix a memory leak in the ARP handler. (CVE-2019-14559)
-- dann frazier <email address hidden> Thu, 16 Apr 2020 09:05:29 -0600
-
edk2 (0~20160408.ffea0a2c-2) unstable; urgency=medium
* Provide split AAVMF_{CODE,VARS}.fd for arm64 in the qemu-efi package,
for VM-friendly nvram persistence in the same style as Fedora et al.
and by analogy with the OVMF_{CODE,VARS}.fd on x86. Thanks to
William Grant <email address hidden> for the patch.
edk2 (0~20160408.ffea0a2c-1) unstable; urgency=medium
[ dann frazier ]
* New upstream version.
- d/p/enable-nvme: Drop; superseded by upstream commit 8ae3832d.
- d/p/no-missing-braces.diff: Refresh.
- d/p/FatPkg-AARCH64.diff: Drop; fixed upstream in commit 04a4fdb9.
- d/p/no-stack-protector-all-archs.diff: Refresh.
- d/p/arm64-mistrict-align.patch: Drop; superseded by upstream
commit d764d5984.
* Move out of non-free as the FAT driver has been replaced with a free
implementation, Thanks to Microsoft. Closes: #815618, LP: #1569602.
* Add SECURE_BOOT_ENABLE flag to aarch64 build to enable support for UEFI
Secure Boot. Closes: #819757. Thanks to Linn Crosetto.
-- Steve Langasek <email address hidden> Sat, 16 Apr 2016 00:30:50 +0000
-
edk2 (0~20160104.c2a892d7-1) unstable; urgency=medium
* New upstream version.
- Fixes support for kvm GPU passthrough. Closes: #810163.
- Adds GICv3 support. Closes: #810495.
[ dann frazier ]
* Use GCC49 toolchain for all architectures; the ARMGCC toolchain has
been dropped upstream.
* Supersede debian/patches/arm64-no-expensive-optimizations.patch
with debian/patches/arm64-mstrict-align.patch. Closes LP: #1489460.
-- Steve Langasek <email address hidden> Thu, 28 Jan 2016 01:35:30 +0000
-
edk2 (0~20150106.5c2d456b-2) unstable; urgency=medium
[ Steve Langasek ]
* Build-depend on gcc-aarch64-linux-gnu and make qemu-efi an Arch: all
package.
* Ship OVMF_CODE.fd and OVMF_VARS.fd for proper EFI variable support.
Closes: #764918. Continue shipping OVMF.fd too for now, for
compatibility.
[ dann frazier ]
* qemu-efi: Switch to Intel BDS. This supports a fallback to the removable
media path (i.e. \EFI\BOOT\BOOTaa64.EFI) as required by the Linaro VM
Specification. Closes: #796928.
* debian/patches/arm64-no-expensive-optimizations.patch: Workaround
ARM64 compiler issue by disabling certain optimizations.
Closes: LP #1489560
-- Steve Langasek <email address hidden> Thu, 03 Sep 2015 22:08:41 +0000
