CVE-2019-14584 (https://bugzilla.redhat.com/show_bug.cgi?id=1889486): Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access. Patch (in 202105): https://github.com/tianocore/edk2/commit/26442d11e620a9e81c019a24a4ff38441c64ba10
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=944a1bda9e2a0614e3a176588bb57477813e43dd commit 944a1bda9e2a0614e3a176588bb57477813e43dd Author: Matthias Maier <tamiko@gentoo.org> AuthorDate: 2021-06-26 22:16:40 +0000 Commit: Matthias Maier <tamiko@gentoo.org> CommitDate: 2021-06-26 22:23:52 +0000 sys-firmware/edk2-ovmf: version bump to 202105 Bug: https://bugs.gentoo.org/797703 Bug: https://bugs.gentoo.org/797232 Bug: https://bugs.gentoo.org/798777 Package-Manager: Portage-3.0.20, Repoman-3.0.3 Signed-off-by: Matthias Maier <tamiko@gentoo.org> sys-firmware/edk2-ovmf/Manifest | 3 + sys-firmware/edk2-ovmf/edk2-ovmf-202105.ebuild | 173 +++++++++++++++++++++++++ 2 files changed, 176 insertions(+)
202105 is now in tree. Let's postpone stabiliziation and cleanup for a bit to get some testing in.
Package list is empty or all packages have requested keywords.
Throwing in QEMU because it needs the same firmware.
Unable to check for sanity: > no match for package: app-emulation/qemu-6.0.0-r52
All sanity-check issues have been resolved
Resetting sanity check; package list is empty or all packages are done.
Please cleanup.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dee51fb9e273c98d521b6d7083030f89d8c13ad5 commit dee51fb9e273c98d521b6d7083030f89d8c13ad5 Author: Matthias Maier <tamiko@gentoo.org> AuthorDate: 2022-01-03 23:51:34 +0000 Commit: Matthias Maier <tamiko@gentoo.org> CommitDate: 2022-01-04 00:02:11 +0000 sys-firmware/edk2-ovmf: clean up vulnerable Bug: https://bugs.gentoo.org/797232 Bug: https://bugs.gentoo.org/797703 Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Matthias Maier <tamiko@gentoo.org> sys-firmware/edk2-ovmf/Manifest | 3 - sys-firmware/edk2-ovmf/edk2-ovmf-202008.ebuild | 186 ------------------------- 2 files changed, 189 deletions(-)
