edk2.git - Cross-platform firmware development environment

diff options

author	Oliver Smith-Denny <osde@microsoft.com>	2024-11-22 07:46:36 -0800
committer	mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>	2024-11-26 02:15:06 +0000
commit	7eff71fe690a0f5bc0be67b5b83f263d7892f9b6 (patch)
tree	c22fd00fd17a083f3deecb73970e7683cb40ebe2 /UefiCpuPkg/Library/VmgExitLibNull
parent	c15bd993428ea4f75aae4f885f67903a8f89fae4 (diff)
download	edk2-master.tar.gz edk2-master.tar.bz2 edk2-master.zip

SecurityPkg: Update libspdmHEAD master

This patch updates libspdm to pull in various bug fixes, but primarily commit ca4854be3325bd8fc7f2c714574d17aac2d4e13b which updates libspdm's MbedTLS submodule to v3.6.2, fixing CVE https://nvd.nist.gov/vuln/detail/CVE-2023-37920 there. This CVE does not affect libspdm or edk2, but automatic CVE scanning tools see the bad version of the certifi pip module in the edk2/libspdm code trees and flag these projects as failing. libspdm has been updated to pull in the newer MbedTLS that fixes this issue and this patch updates edk2 to pull in the newer libspdm. Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>

Diffstat (limited to 'UefiCpuPkg/Library/VmgExitLibNull')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: