Re: [edk2-devel] [PATCH v2 4/4] NetworkPkg: : Updating SecurityFixes.yaml

["Rebecca Cran" <rebecca@bsdio.com>]

I noticed the advisory at 
https://github.com/advisories/GHSA-h9v6-q439-p7j2 is labeled "Unreviewed".
Should it be updated, and should the 'package', 'affected' and 'patched' 
fields be updated?

-- 
Rebecca Cran


On 2/13/2024 11:46 AM, Doug Flick via groups.io wrote:
> From: Doug Flick <dougflick@microsoft.com>
>
> This captures the related security change for Dhcp6Dxe that is related
> to CVE-2023-45229
>
> Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
> Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
>
> Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
> ---
>   NetworkPkg/SecurityFixes.yaml | 1 +
>   1 file changed, 1 insertion(+)
>
> diff --git a/NetworkPkg/SecurityFixes.yaml b/NetworkPkg/SecurityFixes.yaml
> index 7e900483fec5..fa42025e0d82 100644
> --- a/NetworkPkg/SecurityFixes.yaml
> +++ b/NetworkPkg/SecurityFixes.yaml
> @@ -8,6 +8,7 @@ CVE_2023_45229:
>     commit_titles:
>
>       - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Patch"
>
>       - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Unit Tests"
>
> +    - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Related Patch"
>
>     cve: CVE-2023-45229
>
>     date_reported: 2023-08-28 13:56 UTC
>
>     description: "Bug 01 - edk2/NetworkPkg: Out-of-bounds read when processing IA_NA/IA_TA options in a DHCPv6 Advertise message"
>



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115523): https://edk2.groups.io/g/devel/message/115523
Mute This Topic: https://groups.io/mt/104339709/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-