update edk2 submodule & binaries to edk2-stable202008
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
QEMU |
Fix Released
|
Undecided
|
Laszlo Ersek (Red Hat) |
Bug Description
Consume the following upstream edk2 releases:
https:/
https:/
https:/
https:/
https:/
Worth mentioning (in random order):
- various CVE fixes [*]
- OpenSSL-1.1.1g
- UEFI HTTPS Boot for ARM/AARCH64
- TPM2 for ARM/AARCH64
- VCPU hotplug with SMI
- support for Linux v5.7+ initrd and mixed mode loading
- Fusion-MPT SCSI driver in OVMF
- VMware PVSCSI driver in OVMF
- PXEv4 / PXEv6 boot possible to disable on the QEMU command line
- SEV-ES support
[*] the below list has been collected simply from the subject lines in
commit range edk2-stable2019
CVE-2019-11098 CVE-2019-14553 CVE-2019-14558 CVE-2019-14559
CVE-2019-14562 CVE-2019-14563 CVE-2019-14575 CVE-2019-14586
CVE-2019-14587
(Note that any given CVE from the above list may or may not affect the
firmware binaries packaged with upstream QEMU; consult the upstream
TianoCore bug tracker at <https:/
CVE References
Changed in qemu: | |
assignee: | nobody → Laszlo Ersek (Red Hat) (lersek) |
Changed in qemu: | |
assignee: | Laszlo Ersek (Red Hat) (lersek) → Philippe Mathieu-Daudé (philmd) |
status: | New → In Progress |
summary: |
- update edk2 submodule & binaries to edk2-stable201911 + update edk2 submodule & binaries to edk2-stable202005 |
description: | updated |
Changed in qemu: | |
assignee: | Philippe Mathieu-Daudé (philmd) → Laszlo Ersek (Red Hat) (lersek) |
summary: |
- update edk2 submodule & binaries to edk2-stable202005 + update edk2 submodule & binaries to edk2-stable202008 |
description: | updated |
Hi Laszlo,
Do you have a particular reason to update the submodule *after* the v4.2.0 release?
I'd rather see QEMU 4.2 released with edk2-stable201911, as it fixes various CVE (therefore a patch for 4.2-rc4 seems acceptable to me).