From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <u-boot-bounces@lists.denx.de>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from phobos.denx.de (phobos.denx.de [85.214.62.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id 6D82DC433F5
	for <u-boot@archiver.kernel.org>; Wed, 11 May 2022 22:20:29 +0000 (UTC)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id ECEE584217;
	Thu, 12 May 2022 00:20:26 +0200 (CEST)
Authentication-Results: phobos.denx.de; dmarc=fail (p=quarantine dis=none) header.from=protonmail.com
Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=fail reason="signature verification failed" (2048-bit key; secure) header.d=protonmail.com header.i=@protonmail.com header.b="igXZ7/zV";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id 719A484217; Wed, 11 May 2022 22:25:45 +0200 (CEST)
Received: from mail-4319.protonmail.ch (mail-4319.protonmail.ch [185.70.43.19])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id AEF9483D52
 for <u-boot@lists.denx.de>; Wed, 11 May 2022 22:25:42 +0200 (CEST)
Authentication-Results: phobos.denx.de; dmarc=pass (p=quarantine dis=none)
 header.from=protonmail.com
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=zi0Black@protonmail.com
Date: Wed, 11 May 2022 20:25:37 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
 s=protonmail2; t=1652300742;
 bh=BS7pobafW0Vqo0exuljDBAfY486BNpaSUrmMuBgxqTc=;
 h=Date:To:From:Reply-To:Subject:Message-ID:Feedback-ID:From:To:Cc:
 Date:Subject:Reply-To:Feedback-ID:Message-ID;
 b=igXZ7/zVWr2yx3bpB8PN8HD34D3fsWIKJGd+d2Q6Yqj8EHlFE25JQ2fWUgmBz9HaE
 SXUKIzSdmwKkjlBt5NCwrSMDp3HazapcmSdpc1iO08VXVupbU5o8J5AdqClIVBSMYj
 04FAZauqX7CZQRuzXLQjHdATBN4OelUU++J2glybLUr8uSoUR12m7a+GDs8IOK8LnS
 eWqJh58V6nMT3KCPReV94AFJfU+1leqDRIDS8/N/Hodtmm/VPlT30m+8sWhWYXl211
 /6t2xjKfudefepFomY8QNNwgEeHTlid+Em0IGQaBhS4y0W4QTQeN/+qCbN2/UwufwJ
 vy6yLZWH36/mA==
To: "u-boot@lists.denx.de" <u-boot@lists.denx.de>
From: zi0Black <zi0Black@protonmail.com>
Subject: Ineffective fix of CVE-2019-14196
Message-ID: <JPLpjdJfg8-2n1ln8Mj5sRM2Nc0bUhp_iam0wabNQ7ukdvmCO7Ia2vxaUBI2ojBZWNuIIjFQTRpHYKEgl9h81rR2rpihGDCAnHb46BfxYfc=@protonmail.com>
Feedback-ID: 9529232:user:proton
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature";
 micalg=pgp-sha256;
 boundary="------e68c900c1375f575d1524284945477341c5613335c987939a6f560646afcfb65";
 charset=utf-8
X-Mailman-Approved-At: Thu, 12 May 2022 00:20:25 +0200
X-Content-Filtered-By: Mailman/MimeDel 2.1.39
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Reply-To: zi0Black <zi0Black@protonmail.com>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de
X-Virus-Status: Clean

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------e68c900c1375f575d1524284945477341c5613335c987939a6f560646afcfb65
Content-Type: multipart/mixed;boundary=---------------------8a97a2abc6e29a3cef06a8dd0e73d66d

-----------------------8a97a2abc6e29a3cef06a8dd0e73d66d
Content-Type: multipart/alternative;boundary=---------------------96bd171235ef94cc29ef92a519960628

-----------------------96bd171235ef94cc29ef92a519960628
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;charset=utf-8

Hi to every one,

The current fix for the vulnerability identified via CVE-2019-14196 is not=
 effective and a buffer overflow is still possible. Please refer to my com=
ment posted on the commit (5d14ee4e53a81055d34ba280cb8fd90330f22a96) on gi=
thub.

https://github.com/u-boot/u-boot/commit/5d14ee4e53a81055d34ba280cb8fd90330=
f22a96



Regards,

zi0Black
-----------------------96bd171235ef94cc29ef92a519960628--

-----------------------8a97a2abc6e29a3cef06a8dd0e73d66d--

--------e68c900c1375f575d1524284945477341c5613335c987939a6f560646afcfb65
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: ProtonMail

wsBzBAEBCAAGBQJifBuxACEJEN635t7vWSnoFiEEo9T2aZA2RTZ6ApuK3rfm
3u9ZKehTggf5AS2JJgPRX9+qbN5PAU2SAhf1RE2tpMq/jk4mklPo27ldVdWd
VEpR55T48dHsIxu6SUCYuXcUgWuuL+NVBn9xTB44Jk4Djr9bHnC5U3+kAHg0
LFhJmItbI7u+7WwANhJnHYXxe31lNn1RoP5vX2jmFMPDY9bdxTIf0BL7IsTv
+rY0VBhy9G8oOaNinlMN8QmBkD4hB3FfRDDskkncgFuZfJRC12RAKQpiTy/1
4DLSwsMomlbAbWxGMN2MEJ3PznbJc4xwQyxyY8sFZT1Lt8eT+VgBOYfXsqXh
VfObPZm0KHW5IBmSJ7g0s+8+YEUwx1QOataMqZi8GU1s8D0pJ2iOMg==
=ZaKC
-----END PGP SIGNATURE-----


--------e68c900c1375f575d1524284945477341c5613335c987939a6f560646afcfb65--