Comment 24 for bug 2040137

Hi Dann, I have not coordinated yet. The CRD is loose, is there a specific date we can commit to? edk2 may have their own timeline, but I can reach out for their perspective. January 2nd may be a better date to initiate this conversation.

Downstreams and other vendors will be contacted after we have a solid patching plan and timeline. So far this includes Debian and (once verified) Incus.

Seth, does this sound good to you? If so I will file a report on https://github.com/tianocore/edk2/security and add you, Dann, and Mate. And offer to add their security devs to this bug.