Message-ID: <098ce984-58e3-4ef5-b4fa-6ff08a246076@bsdio.com>
Date: Thu, 15 Feb 2024 06:54:04 -0700
Subject: Re: [edk2-devel] [PATCH v2 4/4] NetworkPkg: : Updating SecurityFixes.yaml
To: devel@edk2.groups.io, dougflick@microsoft.com
Cc: Saloni Kasbekar, Zachary Clark-williams, "Doug Flick [MSFT]"
From: "Rebecca Cran"
In-Reply-To: <20240213184603.2985-5-doug.edk2@gmail.com>

I noticed the advisory at
https://github.com/advisories/GHSA-h9v6-q439-p7j2 is labeled "Unreviewed".

Should it be updated, and should the 'package', 'affected' and 'patched'
fields be updated?

--
Rebecca Cran

On 2/13/2024 11:46 AM, Doug Flick via groups.io wrote:
> From: Doug Flick
>
> This captures the related security change for Dhcp6Dxe that is related
> to CVE-2023-45229
>
> Cc: Saloni Kasbekar
> Cc: Zachary Clark-williams
> > Signed-off-by: Doug Flick [MSFT] > --- > NetworkPkg/SecurityFixes.yaml | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/NetworkPkg/SecurityFixes.yaml b/NetworkPkg/SecurityFixes.yam= l > index 7e900483fec5..fa42025e0d82 100644 > --- a/NetworkPkg/SecurityFixes.yaml > +++ b/NetworkPkg/SecurityFixes.yaml > @@ -8,6 +8,7 @@ CVE_2023_45229: > commit_titles: > > - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Patch" > > - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Unit Tests" > > + - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Related Patch= " > > cve: CVE-2023-45229 > > date_reported: 2023-08-28 13:56 UTC > > description: "Bug 01 - edk2/NetworkPkg: Out-of-bounds read when proce= ssing IA_NA/IA_TA options in a DHCPv6 Advertise message"
View/Reply Online (#115523): https://edk2.groups.io/g/devel/message/115523
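
Review bot: the new commit_titles entry under CVE_2023_45229 records the follow-up fix only by its subject string, so please confirm that "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Related Patch" matches the subject of the corresponding Dhcp6Dxe patch in this series character for character. The commit message also says only that the change is "related" to CVE-2023-45229, while the description field still covers just the out-of-bounds read in IA_NA/IA_TA option processing; a sentence in the commit message stating what the related patch addresses would let a reader of SecurityFixes.yaml tell the three entries apart. Separately, the subject line has an empty component ("NetworkPkg: : Updating SecurityFixes.yaml") that is worth fixing before this lands.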