Package "qemu-efi-aarch64"

  edk2 (0~20191122.bd85bf54-2ubuntu3.6) focal-security; urgency=medium

  * SECURITY UPDATE: integer underflow
    - debian/patches/CVE-2021-38578.patch: Add SafeIntLib to check for
      under or overflows
    - CVE-2021-38578

 -- Bruce Cable <email address hidden> Tue, 08 Oct 2024 18:01:22 +1100

  edk2 (0~20191122.bd85bf54-2ubuntu3.5) focal; urgency=medium

  * Disable the built-in Shell when SecureBoot is enabled, CVE-2023-48733.
    Thanks to Mate Kukri. LP: #2040137.
    - Backport support for GetSetupMode() and IsSecureBootEnabled():
      + 0001-SecurityPkg-Create-SecureBootVariableLib.patch
      + 0002-ArmVirtPkg-add-SecureBootVariableLib-class-resolutio.patch
      + 0003-OvmfPkg-add-SecureBootVariableLib-class-resolution.patch
      + 0004-SecurityPkg-SecureBootVariableLib-Added-newly-suppor.patch
      + 0005-EmulatorPkg-add-SecureBootVariableLib-class-resoluti.patch
    - Disable the built-in Shell when SecureBoot is enabled:
      + Disable-the-Shell-when-SecureBoot-is-enabled.patch

 -- dann frazier <email address hidden> Tue, 13 Feb 2024 17:52:30 -0700

  edk2 (0~20191122.bd85bf54-2ubuntu3.4) focal; urgency=medium

  [ dann frazier ]
  * Provide 4MB OVMF images: The existing 2MB images no longer
    have sufficient variable space for the current Secure Boot
    Forbidden Signature Database. (LP: #1885662)
    - Convert targets for pre-enrolled variable template images
      into pattern rules. This will be useful for adding additional
      pre-enrolled variable templates.
    - Update fw descriptors to reference 4M images instead of their
      2M counterparts. This will migrate tools that use the descriptor
      interface (like libvirt) over to the 4M images when creating new
      VMs. Existing 2M VMs will require manual migration.
  * Increase autopkgtest timeout from 30s to 60s. (LP: #1885186)

  [ Mustafa Kemal Gilor ]
  * Added autopkg tests for 4MB OVMF images. (LP: #1885662)

 -- Mustafa Kemal GILOR <email address hidden> Tue, 08 Nov 2022 11:40:07 +0300

  edk2 (0~20191122.bd85bf54-2ubuntu3.3) focal-security; urgency=medium

  * SECURITY UPDATE: Insufficient input validation in MdeModulePkg
    - debian/patches/CVE-2019-11098-*.patch
    - CVE-2019-11098
  * SECURITY UPDATE: overflow in openssl EVP_DecryptUpdate
    - debian/patches/CVE-2021-23840.patch
    - CVE-2021-23840
  * SECURITY UPDATE: DoS via incorrect ASN.1 string termination in openssl
    - debian/patches/CVE-2021-3712-*.patch
    - CVE-2021-3712
  * SECURITY UPDATE: remote buffer overflow in IScsiHexToBin
    - debian/patches/CVE-2021-38575-*.patch
    - CVE-2021-38575

 -- Marc Deslauriers <email address hidden> Mon, 20 Sep 2021 09:11:31 -0400

  edk2 (0~20191122.bd85bf54-2ubuntu3.2) focal-security; urgency=medium

  * SECURITY UPDATE: unlimited FV recursion
    - debian/patches/CVE-2021-28210-1.patch: assert SectionInstance
      invariant in FindChildNode() in
      MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c.
    - debian/patches/CVE-2021-28210-2.patch: limit FwVol encapsulation
      section recursion in MdeModulePkg/Core/Dxe/DxeMain.inf,
      MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c,
      MdeModulePkg/MdeModulePkg.dec, MdeModulePkg/MdeModulePkg.uni.
    - CVE-2021-28210
  * SECURITY UPDATE: possible heap corruption in LzmaUefiDecompressGetInfo
    - debian/patches/CVE-2021-28211.patch: catch 4GB+ uncompressed
      buffer sizes in
      MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompress.c,
      MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompressLibInternal.h.
    - CVE-2021-28211

 -- Marc Deslauriers <email address hidden> Mon, 12 Apr 2021 08:18:49 -0400