Skip to content

Commit

Permalink
SecurityPkg: Update libspdm
Browse files Browse the repository at this point in the history 
This patch updates libspdm to pull in various bug fixes,
but primarily commit ca4854be3325bd8fc7f2c714574d17aac2d4e13b
which updates libspdm's MbedTLS submodule to v3.6.2, fixing
CVE https://nvd.nist.gov/vuln/detail/CVE-2023-37920 there.
This CVE does not affect libspdm or edk2, but automatic
CVE scanning tools see the bad version of the certifi
pip module in the edk2/libspdm code trees and flag these
projects as failing.
libspdm has been updated to pull in the newer MbedTLS that
fixes this issue and this patch updates edk2 to pull in
the newer libspdm.

Signed-off-by: Oliver Smith-Denny <[email protected]>
  • Loading branch information
@os-d @mergify
os-d authored and mergify[bot] committed Nov 26, 2024
1 parent c15bd99 commit 7eff71f
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion SecurityPkg/DeviceSecurity/SpdmLib/libspdm
Submodule libspdm updated 330 files

0 comments on commit 7eff71f

Please sign in to comment.