From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id AB82BD800D7 for ; Fri, 12 Jan 2024 19:16:09 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=p4VkicaXuLh7KWWIceqmTLWPLix2N16XPe9jWQdsuaQ=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20140610; t=1705086968; v=1; b=gGs2qDGKuKEnadIBOpCN12iS2+jk5w3pPYnn5FH3N6+KL84iRIEk8hZtP2ZPrvROJsJSteNE 9DLpcJ4N5JnNFR5aDmmHRphVqZNR28L+L4XjRcYlFq+4JJMsSgU6QUM90MKDCM0HtDF6DgxV+03 RhZ0K3J4vCnHaoxuOVBMBMdI= X-Received: by 127.0.0.2 with SMTP id Gl16YY7687511xJtflEY0Xfp; Fri, 12 Jan 2024 11:16:08 -0800 X-Received: from mail-pl1-f178.google.com (mail-pl1-f178.google.com [209.85.214.178]) by mx.groups.io with SMTP id smtpd.web10.18731.1704997022241465058 for ; Thu, 11 Jan 2024 10:17:02 -0800 X-Received: by mail-pl1-f178.google.com with SMTP id d9443c01a7336-1d509222c11so23561655ad.1 for ; Thu, 11 Jan 2024 10:17:02 -0800 (PST) X-Gm-Message-State: wxBVud25t6ki8JGaXeylH5k3x7686176AA= X-Google-Smtp-Source: AGHT+IGk+kNqzIoZ0Z9OA8CcWqOfKZfF72l8jFhbfsgP+5WoTtlrFg/rqjJPdsib5I/9luXOkw9tgA== X-Received: by 2002:a17:902:ec8e:b0:1d4:b6e9:9e42 with SMTP id x14-20020a170902ec8e00b001d4b6e99e42mr157941plg.21.1704997020924; Thu, 11 Jan 2024 10:17:00 -0800 (PST) X-Received: from localhost.localdomain ([131.107.1.208]) by smtp.gmail.com with ESMTPSA id kd13-20020a17090313cd00b001d4752f5403sm1453414plb.206.2024.01.11.10.17.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 11 Jan 2024 10:17:00 -0800 (PST) From: "Doug Flick via groups.io" To: devel@edk2.groups.io Cc: "Douglas Flick [MSFT]" , Jiewen Yao Subject: [edk2-devel] [PATCH 6/6] SecurityPkg: : Adding CVE 2022-36764 to SecurityFixes.yaml Date: Thu, 11 Jan 2024 10:16:06 -0800 Message-ID: <5a5085711066589ec66965191353853beaf1db81.1704996627.git.doug.edk2@gmail.com> In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,dougflick@microsoft.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=gGs2qDGK; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io; dmarc=none This creates / adds a security file that tracks the security fixes found in this package and can be used to find the fixes that were applied. Cc: Jiewen Yao Signed-off-by: Doug Flick [MSFT] --- SecurityPkg/SecurityFixes.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/SecurityPkg/SecurityFixes.yaml b/SecurityPkg/SecurityFixes.yaml index f9e3e7be7453..833fb827a96c 100644 --- a/SecurityPkg/SecurityFixes.yaml +++ b/SecurityPkg/SecurityFixes.yaml @@ -20,3 +20,17 @@ CVE_2022_36763: - https://bugzilla.tianocore.org/show_bug.cgi?id=3D4117=0D - https://bugzilla.tianocore.org/show_bug.cgi?id=3D2168=0D - https://bugzilla.tianocore.org/show_bug.cgi?id=3D1990=0D +CVE_2022_36764:=0D + commit_titles:=0D + - "SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4118 - CVE 2022= -36764"=0D + - "SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4118 - CVE 2022-= 36764"=0D + - "SecurityPkg: : Adding CVE 2022-36764 to SecurityFixes.yaml"=0D + cve: CVE-2022-36764=0D + date_reported: 2022-10-25 12:23 UTC=0D + description: Heap Buffer Overflow in Tcg2MeasurePeImage()=0D + note:=0D + files_impacted:=0D + - Library\DxeTpm2MeasureBootLib\DxeTpm2MeasureBootLib.c=0D + - Library\DxeTpmMeasureBootLib\DxeTpmMeasureBootLib.c=0D + links:=0D + - https://bugzilla.tianocore.org/show_bug.cgi?id=3D4118=0D --=20 2.43.0 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#113762): https://edk2.groups.io/g/devel/message/113762 Mute This Topic: https://groups.io/mt/103689725/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-