Format: 1.8
Date: Mon, 12 Apr 2021 08:12:17 -0400
Source: edk2
Binary: ovmf qemu-efi qemu-efi-aarch64 qemu-efi-arm
Architecture: all
Version: 2020.05-5ubuntu0.2
Distribution: groovy
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@lgw01-amd64-055.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 ovmf       - UEFI firmware for 64-bit x86 virtual machines
 qemu-efi   - transitional dummy package
 qemu-efi-aarch64 - UEFI firmware for 64-bit ARM virtual machines
 qemu-efi-arm - UEFI firmware for 32-bit ARM virtual machines
Changes:
 edk2 (2020.05-5ubuntu0.2) groovy-security; urgency=medium
 .
   * SECURITY UPDATE: unlimited FV recursion
     - debian/patches/CVE-2021-28210-1.patch: assert SectionInstance
       invariant in FindChildNode() in
       MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c.
     - debian/patches/CVE-2021-28210-2.patch: limit FwVol encapsulation
       section recursion in MdeModulePkg/Core/Dxe/DxeMain.inf,
       MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c,
       MdeModulePkg/MdeModulePkg.dec, MdeModulePkg/MdeModulePkg.uni.
     - CVE-2021-28210
   * SECURITY UPDATE: possible heap corruption in LzmaUefiDecompressGetInfo
     - debian/patches/CVE-2021-28211.patch: catch 4GB+ uncompressed
       buffer sizes in
       MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompress.c,
       MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompressLibInternal.h.
     - CVE-2021-28211
Checksums-Sha1:
 3b98fa8c61601101146402c7ab3035885307c639 11569 edk2_2020.05-5ubuntu0.2_amd64.buildinfo
 3100a0c23597e6c810f6bc3ec02416af49f476a4 6998132 ovmf_2020.05-5ubuntu0.2_all.deb
 02a5a8f30f3f3583252de65f25354e2ba4f3b766 2354384 qemu-efi-aarch64_2020.05-5ubuntu0.2_all.deb
 1308e3abc545ae594b35bffd39de6c9eb6021654 1197680 qemu-efi-arm_2020.05-5ubuntu0.2_all.deb
 e151ce5c6f32884add1b2ffee1df5b19d39c952f 6640 qemu-efi_2020.05-5ubuntu0.2_all.deb
Checksums-Sha256:
 aeede81481d39180551bb30ae7d1205a26c42e6775269a81bfdab4f550ac8a4a 11569 edk2_2020.05-5ubuntu0.2_amd64.buildinfo
 fcf84f0031aed8532949db9b83fdd9e2839025d098542d7be08c7cfd2855ab1e 6998132 ovmf_2020.05-5ubuntu0.2_all.deb
 13582b517898dcb7f713822b07caa03173e54ccfbbfd24c3f5e8a8920bd1635e 2354384 qemu-efi-aarch64_2020.05-5ubuntu0.2_all.deb
 eabadf473caa7002b3d73835494ea3a65dda4ee9ca2a1706e267d2a2b9909ac4 1197680 qemu-efi-arm_2020.05-5ubuntu0.2_all.deb
 ce8699d14d2ca1e6afe39077c812c5fcb83e87261fa69f337845937dcabfb56f 6640 qemu-efi_2020.05-5ubuntu0.2_all.deb
Files:
 ed0d9a28fa525546608ceddffa34e2d5 11569 misc optional edk2_2020.05-5ubuntu0.2_amd64.buildinfo
 3d54a37b4ac1f3dd3f5100c2e5319f94 6998132 misc optional ovmf_2020.05-5ubuntu0.2_all.deb
 4569145fc7d893e4a820598088887f1b 2354384 misc optional qemu-efi-aarch64_2020.05-5ubuntu0.2_all.deb
 39b43b1d679fd73bbb41939558d3bc10 1197680 misc optional qemu-efi-arm_2020.05-5ubuntu0.2_all.deb
 ca336c7b6de4df45ceb3c6d833b9881b 6640 misc optional qemu-efi_2020.05-5ubuntu0.2_all.deb
Original-Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>