[edk2-devel] [PATCH 3/6] SecurityPkg: : Adding CVE 2022-36763 to SecurityFixes.yaml

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

From: "Doug Flick via groups.io" <dougflick=microsoft.com@groups.io>
To: devel@edk2.groups.io
Cc: "Douglas Flick [MSFT]" <doug.edk2@gmail.com>,
	Jiewen Yao <jiewen.yao@intel.com>
Subject: [edk2-devel] [PATCH 3/6] SecurityPkg: : Adding CVE 2022-36763 to SecurityFixes.yaml
Date: Thu, 11 Jan 2024 10:16:03 -0800	[thread overview]
Message-ID: <4ea9896fbdef6d2cc7a443ddba9ee1d671af8bf6.1704996627.git.doug.edk2@gmail.com> (raw)
In-Reply-To: <cover.1704996627.git.doug.edk2@gmail.com>

This creates / adds a security file that tracks the security fixes
found in this package and can be used to find the fixes that were
applied.

Cc: Jiewen Yao <jiewen.yao@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
---
 SecurityPkg/SecurityFixes.yaml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 SecurityPkg/SecurityFixes.yaml

diff --git a/SecurityPkg/SecurityFixes.yaml b/SecurityPkg/SecurityFixes.yaml
new file mode 100644
index 000000000000..f9e3e7be7453
--- /dev/null
+++ b/SecurityPkg/SecurityFixes.yaml
@@ -0,0 +1,22 @@
+## @file
+# Security Fixes for SecurityPkg
+#
+# Copyright (c) Microsoft Corporation
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+CVE_2022_36763:
+  commit_titles:
+    - "SecurityPkg: DxeTpm2Measurement: SECURITY PATCH 4117 - CVE 2022-36763"
+    - "SecurityPkg: DxeTpmMeasurement: SECURITY PATCH 4117 - CVE 2022-36763"
+    - "SecurityPkg: : Adding CVE 2022-36763 to SecurityFixes.yaml"
+  cve: CVE-2022-36763
+  date_reported: 2022-10-25 11:31 UTC
+  description: (CVE-2022-36763) - Heap Buffer Overflow in Tcg2MeasureGptTable()
+  note: This patch is related to and supersedes TCBZ2168
+  files_impacted:
+  - Library\DxeTpm2MeasureBootLib\DxeTpm2MeasureBootLib.c
+  - Library\DxeTpmMeasureBootLib\DxeTpmMeasureBootLib.c
+  links:
+  - https://bugzilla.tianocore.org/show_bug.cgi?id=4117
+  - https://bugzilla.tianocore.org/show_bug.cgi?id=2168
+  - https://bugzilla.tianocore.org/show_bug.cgi?id=1990
-- 
2.43.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#113759): https://edk2.groups.io/g/devel/message/113759
Mute This Topic: https://groups.io/mt/103689722/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

next prev parent reply	other threads:[~2024-01-12 19:16 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-01-11 18:16 [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118 Doug Flick via groups.io
2024-01-11 18:16 ` [edk2-devel] [PATCH 1/6] SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4117 - CVE 2022-36763 Doug Flick via groups.io
2024-01-11 18:16 ` [edk2-devel] [PATCH 2/6] SecurityPkg: DxeTpmMeasureBootLib: " Doug Flick via groups.io
2024-01-11 18:16 ` Doug Flick via groups.io [this message]
2024-01-11 18:16 ` [edk2-devel] [PATCH 4/6] SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4118 - CVE 2022-36764 Doug Flick via groups.io
2024-01-11 18:16 ` [edk2-devel] [PATCH 5/6] SecurityPkg: DxeTpmMeasureBootLib: " Doug Flick via groups.io
2024-01-11 18:16 ` [edk2-devel] [PATCH 6/6] SecurityPkg: : Adding CVE 2022-36764 to SecurityFixes.yaml Doug Flick via groups.io
2024-01-12  1:50 ` [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118 Yao, Jiewen
2024-01-16  7:59 ` Yao, Jiewen
2024-01-16 12:00 ` Gerd Hoffmann
2024-01-16 13:30   ` Yao, Jiewen
2024-01-16 14:34     ` Gerd Hoffmann
2024-01-16 14:38       ` Yao, Jiewen
2024-01-17  7:21         ` Li, Yi
2024-01-17  8:08           ` Yao, Jiewen
2024-01-17  8:15             ` Li, Yi
2024-01-17  8:23               ` Yao, Jiewen
2024-01-17 14:05                 ` Gerd Hoffmann
2024-01-17 14:12                   ` Yao, Jiewen
2024-01-17 21:04                 ` Doug Flick via groups.io
2024-01-17 22:49                   ` Doug Flick via groups.io

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:f9e3e7be745 )
 OR (
bs:"[edk2-devel] [PATCH 3/6] SecurityPkg: : Adding CVE 2022-36763 to SecurityFixes.yaml" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4ea9896fbdef6d2cc7a443ddba9ee1d671af8bf6.1704996627.git.doug.edk2@gmail.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox