From: "Doug Flick via groups.io"
To: devel@edk2.groups.io
Cc: "Douglas Flick [MSFT]", Jiewen Yao
Subject: [edk2-devel] [PATCH 3/6] SecurityPkg: : Adding CVE 2022-36763 to SecurityFixes.yaml
Date: Thu, 11 Jan 2024 10:16:03 -0800
Message-ID: <4ea9896fbdef6d2cc7a443ddba9ee1d671af8bf6.1704996627.git.doug.edk2@gmail.com>

This creates / adds a security file that tracks the security fixes found in this package and can be used to find the fixes that were applied.

Cc: Jiewen Yao
Signed-off-by: Doug Flick [MSFT]
--- SecurityPkg/SecurityFixes.yaml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 SecurityPkg/SecurityFixes.yaml diff --git a/SecurityPkg/SecurityFixes.yaml b/SecurityPkg/SecurityFixes.yaml new file mode 100644 index 000000000000..f9e3e7be7453 --- /dev/null +++ b/SecurityPkg/SecurityFixes.yaml 
@@ -0,0 +1,22 @@ +## @file=0D +# Security Fixes for SecurityPkg=0D +#=0D +# Copyright (c) Microsoft Corporation=0D +# SPDX-License-Identifier: BSD-2-Clause-Patent=0D +##=0D +CVE_2022_36763:=0D + commit_titles:=0D + - "SecurityPkg: DxeTpm2Measurement: SECURITY PATCH 4117 - CVE 2022-367= 63"=0D + - "SecurityPkg: DxeTpmMeasurement: SECURITY PATCH 4117 - CVE 2022-3676= 3"=0D + - "SecurityPkg: : Adding CVE 2022-36763 to SecurityFixes.yaml"=0D + cve: CVE-2022-36763=0D + date_reported: 2022-10-25 11:31 UTC=0D + description: (CVE-2022-36763) - Heap Buffer Overflow in Tcg2MeasureGptTa= ble()=0D + note: This patch is related to and supersedes TCBZ2168=0D + files_impacted:=0D + - Library\DxeTpm2MeasureBootLib\DxeTpm2MeasureBootLib.c=0D + - Library\DxeTpmMeasureBootLib\DxeTpmMeasureBootLib.c=0D + links:=0D + - https://bugzilla.tianocore.org/show_bug.cgi?id=3D4117=0D + - https://bugzilla.tianocore.org/show_bug.cgi?id=3D2168=0D + - https://bugzilla.tianocore.org/show_bug.cgi?id=3D1990=0D --=20 2.43.0
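Review bot: The two files_impacted entries use backslash separators (Library\DxeTpm2MeasureBootLib\DxeTpm2MeasureBootLib.c) and are relative to SecurityPkg, while the diff header for this same file uses forward slashes from the repository root (SecurityPkg/SecurityFixes.yaml). Writing them with forward slashes, and either rooting them at SecurityPkg/ or stating in the file header comment that paths are package-relative, would let the entries be matched directly against git paths on any host. In links, bug 1990 is listed but the note field only explains the relation to TCBZ2168; a short mention of why 1990 is relevant would help someone auditing the fix. The third commit_titles entry carries the doubled "SecurityPkg: :" from this patch's subject, so if the subject is cleaned up when the series is applied, this string needs the same change or a search by title will miss the commit.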