1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES.DEVE

  • Accepted edk2 2025.02-8 (source) into unstable

    From Debian FTP Masters@21:1/5 to All on Tue May 13 04:50:01 2025
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Mon, 12 May 2025 20:18:11 -0600
    Source: edk2
    Architecture: source
    Version: 2025.02-8
    Distribution: unstable
    Urgency: medium
    Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org> Changed-By: dann frazier <dannf@debian.org>
    Closes: 1102519 1103906
    Changes:
    edk2 (2025.02-8) unstable; urgency=medium
    .
    * ovmf, ovmf-ia32, qemu-efi-aarch64: Uninstall the EFI_MEMORY_ATTRIBUTE
    protocol by default in the *.secboot.fd variants to avoid boot crashes
    with incompatible guest operating systems. This is to give virtual
    machine managers like libvirt and incus a release cycle to determine how
    to handle these guests. Add new *.secboot.strictnx.fd variants that users
    can opt-in to to benefit from NX security features. EFI_MEMORY_ATTRIBUTE
    support will be restored for all *.secboot.fd images at the start of
    the next devel cycle, at which point *.secboot.strictnx.fd will become
    symlink aliases. Note this in NEWS.Debian and README.Debian files.
    (Closes: #1103906).
    * Fix out-of-bounds read in HashPeImageByType(), CVE-2024-38797.
    (Closes: #1102519):
    - d/p/0001-SecurityPkg-Out-of-bound-read-in-HashPeImageByType.patch
    - d/p/0002-SecurityPkg-Improving-HashPeImageByType-logic.patch
    - d/p/0003-SecurityPkg-Improving-SecureBootConfigImpl-HashPeIma.patch
    - d/p/0004-SecurityPkg-Update-SecurityFixes.yaml-for-CVE-2024-3.patch Checksums-Sha1:
    691ad9dae9c4f38a2b1323d4e96309170936b0cc 2551 edk2_2025.02-8.dsc
    6228f4da544a9036f2f65f35e1c651fecb7f96c3 50944 edk2_2025.02-8.debian.tar.xz
    be394e61d4fdfccaf952c2cbf2f0999a2ae6f576 11690 edk2_2025.02-8_source.buildinfo Checksums-Sha256:
    890b781c03b92aa316cd08aebebb34981057df404f9ffcdd22fac26c15c33ba0 2551 edk2_2025.02-8.dsc
    1b3fdc9b557ed3e040f3a68aef13817c266ce11a010db3e8d371d3c1092a4e5f 50944 edk2_2025.02-8.debian.tar.xz
    f833eb256b8da4c02d421f029350a0c06210f0b4f204474dc8c744fdac36f33a 11690 edk2_2025.02-8_source.buildinfo
    Files:
    13feed63d20882df46bde482d9b4a096 2551 misc optional edk2_2025.02-8.dsc
    ba761096bec85e6c9598aacfd16c812d 50944 misc optional edk2_2025.02-8.debian.tar.xz
    1cfbe6ba50a774d2cf1594c7e84409d9 11690 misc optional edk2_2025.02-8_source.buildinfo

    -----BEGIN PGP SIGNATURE-----

    iIcEARYKAC8WIQQoGlxLiiPDxHQh9i5UW4ZA9GI6WAUCaCKsJhEcZGFubmZAZGVi aWFuLm9yZwAKCRBUW4ZA9GI6WBLOAP9YvlgAoIQW1+kxkYkZ1Odciet2BJeWL6JH dMqJ1/OAOwEAvAVPbMb6Q9LnARB2izg0FTIPrTTKoHYsvXsVZztlRAM=
    =2Djz
    -----END PGP SIGNATURE-----


    --==============88334575397357034=Content-Type: application/pgp-signature

    -----BEGIN PGP SIGNATURE-----

    iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCaCKyNgAKCRCb9qggYcy5 IVuvAP995r1h2uS3Qfrtinrd/btTT4LVvSPa9gvdadvV50swtgD+K1TxO2EQnl+X BTlCuWmSSouHzx4RGmK77oxB/cLT9w4=RPyw
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)