[PATCH v2 00/14] vboot: Fix forged-configuration vulnerability

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[PATCH v2 00/14] vboot: Fix forged-configuration vulnerability

guoyujie (C)
Hi,I'm a developer using u-boot-2020.01,where can I get the patch fixing CVE-2020-10648 for u-boot-2020.01?

Reply | Threaded
Open this post in threaded view
|

Re: [PATCH v2 00/14] vboot: Fix forged-configuration vulnerability

Simon Glass-3
Hi,


On Fri, 16 Oct 2020 at 01:40, guoyujie (C) <[hidden email]> wrote:
>
> Hi,I’m a developer using u-boot-2020.01,where can I get the patch fixing CVE-2020-10648 for u-boot-2020.01?

Upstream commit is 0e29648f8e7 and following

Cover letter is here:

https://lists.denx.de/pipermail/u-boot/2020-March/403409.html

Patchwork here:

http://patchwork.ozlabs.org/project/uboot/list/?series=165191&state=*

Unfortunately only the cover letter mentions CVE-2020-10648 and that
did not make it into the commits.

Regards,
Simon