-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 17 Sep 2020 13:45:52 -0600 Source: edk2 Architecture: source Version: 0~20181115.85588389-3+deb10u2 Distribution: buster Urgency: medium Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org> Changed-By: dann frazier <dannf@debian.org> Closes: 968819 Changes: edk2 (0~20181115.85588389-3+deb10u2) buster; urgency=medium . * Fix integer overflow in DxeImageVerificationHandler. (CVE-2019-14562) (Closes: #968819) - d/p/0001-SecurityPkg-DxeImageVerificationLib-extract-SecDataD.patch - d/p/0002-SecurityPkg-DxeImageVerificationLib-assign-WinCertif.patch - d/p/0003-SecurityPkg-DxeImageVerificationLib-catch-alignment-.patch Checksums-Sha1: 5f1e43fbc10a29d89140f81ee77d7901feec2771 2370 edk2_0~20181115.85588389-3+deb10u2.dsc c4fb70aa5aef0f9c65394d54a59db36d7ce90d6d 34132 edk2_0~20181115.85588389-3+deb10u2.debian.tar.xz 6cb3d8291fc6546da098c67fe00b8e416701990a 7305 edk2_0~20181115.85588389-3+deb10u2_source.buildinfo Checksums-Sha256: 4350e5fc2087ae027dab20e1fc60c387a089a837bd2a094757fb355897a32eca 2370 edk2_0~20181115.85588389-3+deb10u2.dsc d6d8b9ca251680f39b072aea63079849005c60f70c99cf18cab620a127f02ff5 34132 edk2_0~20181115.85588389-3+deb10u2.debian.tar.xz 1fd1cd61eb8366aebe110d801ae02cf4a3b631f734d1d2d77482af23d0680418 7305 edk2_0~20181115.85588389-3+deb10u2_source.buildinfo Files: e04af808f56f0fc95f3024646e916d8a 2370 misc optional edk2_0~20181115.85588389-3+deb10u2.dsc 257a2214676548624fda667eb0965d67 34132 misc optional edk2_0~20181115.85588389-3+deb10u2.debian.tar.xz 3f9240a22954a781664efa4965cae912 7305 misc optional edk2_0~20181115.85588389-3+deb10u2_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJFBAEBCgAvFiEECfR9vy0y7twkQ+vuG/g8XlT8hkAFAl9jvWQRHGRhbm5mQGRl Ymlhbi5vcmcACgkQG/g8XlT8hkAyfhAAo+W1Fv95XM+kIL8aYOVHIcC8MLVMXZiX 06VUKQBsAkoBspcwYli9OLQK993+g3H/HU4Fmsrn17LzYGM0+3cKdL9umaioc3bR 4V00z9LTyejutbU4aUlF8WcTBrcKBwf5qiedKLosFlASV6EEYoVWYFnsBa39jmq0 pymNDIt61+K7kTlyDXvf6EVSQDUwFs7eITXG20CG5ib+dEARGPC6ddqvqDBHWbvQ e+kk1vanRd0yaUxupgMBX9MyGscIiPFfdWFLHRxbMjJ8exn6W4t/pJqKKJf/7H1X Z6TfzWxsKt8xhFhwsHR7WphiWJPUDk4/4klVC5/I4+Lvj2iLjlH03wowoNum2Cua AfhEYFO7b5LaA3FN6YzE/kAmqHr2JlKUDIKnGwD/hAtxifrCeEppbe5fO9nOIi1K cFsu6sda/qch2b4h9FFjY259EIwQyLARieAPFS83pqsrzZEV6MSO0ipin8ftDkk4 NIjJPFE99rRHKzSA+Q5kQ3LaySW+8bYC3nSXfaF8ZUsg8ozPWnD3cyj/K/rjVGk+ RoBqpZrACEE2C7FgAYjwOsF9nkVNT9OB84NdrcphFVlC5cIyv7FKIVjUu/ujAKhA H1kTOuHZA8xuoTZ9MIiDGEieGiROvlITDWOCIRMkwOhz/SyI244ohjT14RKuLTjD RW0XSd+cfw4= =2eJF -----END PGP SIGNATURE-----