frozencemetery
commented
2 years ago When we investigated this CVE, we determined that shim was unaffected due to not using EC crypto. Do you have evidence that this does affect shim?
Note that it is not our policy to update the bundled openssl every time openssl has a CVE - we only update when there's one that affects shim.
This CVE is from OpenSSL, shim involves this function. Signed-off-by:JinLun jinlun@huawei.com