From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 21C967803E8 for ; Mon, 12 Feb 2024 17:15:23 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=FaIV+H/7g4RCgP4tTyTnjLzcZm5eRQCZD0MbG8/m4aQ=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:From:To:CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References:In-Reply-To:Accept-Language:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20140610; t=1707758122; v=1; b=Z50vywbRYOt0mpDd5UCsayA8xT64Xj5FXCeteOX82tuDOF8/2o7dC/VHi96hg+hJNzRD8voH hrwIHht2OTtvw6HxQIoD/NX4D5ArFJ5BLygJ/ajm59bmSpvDrwjku4yvtoN5UL8/ksvsyw8Dqrd +DOwj2RRhsipYeaE+8Dn8F0c= X-Received: by 127.0.0.2 with SMTP id 7JxlYY7687511xtDsPFVlVLP; Mon, 12 Feb 2024 09:15:22 -0800 X-Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.12]) by mx.groups.io with SMTP id smtpd.web11.12195.1707758122382878591 for ; Mon, 12 Feb 2024 09:15:22 -0800 X-IronPort-AV: E=McAfee;i="6600,9927,10982"; a="5518938" X-IronPort-AV: E=Sophos;i="6.06,264,1705392000"; d="scan'208";a="5518938" X-Received: from fmviesa010.fm.intel.com ([10.60.135.150]) by fmvoesa106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Feb 2024 09:15:22 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.06,264,1705392000"; d="scan'208";a="2610967" X-Received: from orsmsx602.amr.corp.intel.com ([10.22.229.15]) by fmviesa010.fm.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 12 Feb 2024 09:15:22 -0800 X-Received: from orsmsx611.amr.corp.intel.com (10.22.229.24) by ORSMSX602.amr.corp.intel.com (10.22.229.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Mon, 12 Feb 2024 09:15:21 -0800 X-Received: from orsmsx601.amr.corp.intel.com (10.22.229.14) by ORSMSX611.amr.corp.intel.com (10.22.229.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Mon, 12 Feb 2024 09:15:20 -0800 X-Received: from ORSEDG602.ED.cps.intel.com (10.7.248.7) by orsmsx601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35 via Frontend Transport; Mon, 12 Feb 2024 09:15:20 -0800 X-Received: from NAM11-CO1-obe.outbound.protection.outlook.com (104.47.56.169) by edgegateway.intel.com (134.134.137.103) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Mon, 12 Feb 2024 09:14:26 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=E+Ttw1IWSJYzxUyw5MwiaeQNBjLq1Ivw7qz0uZn2IcFLY7IpjNIpKFn7BaDdqvqRk1TswXdhsla3QkhA78nt/+BZHos2vVJmAi7OU+z9A64D0JaQklriIvXzs5v0ZhGesqiRNrwPbuPbsP8Q+bDdloBa8oUREGQ37cd3+cs+uMQkNwh/HkDZi9hgHgUigx97fIl12CA8dWRH+eECrHD9SULnnXyzswQn+8Rk60KQcxPJc89NXRRFJXZ56wQs2HT8skuQmHQZjc5rQgTMYsLTwmGPTGXz9udZ+iHj3mhOt89brNsq+u+whWyxHTHlRR8vzkkyyVmnDz5S24h8K1DYGg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=KD7vkF2fI0DAGg/InoPM1co0083GbtqFN+8i8lfNlmY=; b=KpoqxB4lFHZ/s3ZPEjU+ImUq6NjLmqF5Jj9cO3R8Ta9DwBDNB9lk5z5wWzzAkXzpMCBaTiQo4jBhM9oSNaRb7ObkR8+qm8+2lqjQPwBhjrq9CzqnrDYehL7paEklwqRxWwGtlb0K2JdlrGiMdHPEH/cyseYs+eslH4bJmzpjkKCXVliporXuWYyR2Lyqwu6uRFOZ+qhrKdl9xKzp50DoIGo7JAWMrnuqwSF1L6q0aEnIiHJHLvaOOXWefonKcOqdFLee7583K1A/FaMx1eaDtpqWWcLbV7yRcH+8s+Wga8jSnEw5glFU7hVxTebStIiwzCAZHalKkobYW5Tddudk+A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none X-Received: from SN7PR11MB8281.namprd11.prod.outlook.com (2603:10b6:806:26b::20) by PH0PR11MB4789.namprd11.prod.outlook.com (2603:10b6:510:38::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7270.39; Mon, 12 Feb 2024 17:14:25 +0000 X-Received: from SN7PR11MB8281.namprd11.prod.outlook.com ([fe80::bf47:e473:3750:b81f]) by SN7PR11MB8281.namprd11.prod.outlook.com ([fe80::bf47:e473:3750:b81f%5]) with mapi id 15.20.7270.036; Mon, 12 Feb 2024 17:14:25 +0000 From: "Saloni Kasbekar" To: "Douglas Flick [MSFT]" , "devel@edk2.groups.io" CC: Doug Flick , "Clark-williams, Zachary" , Andrew Fish , "Leif Lindholm" , "Kinney, Michael D" Subject: Re: [edk2-devel] [PATCH 3/3] [edk2-stable202402] NetworkPkg: : Updating SecurityFixes.yaml Thread-Topic: [PATCH 3/3] [edk2-stable202402] NetworkPkg: : Updating SecurityFixes.yaml Thread-Index: AQHaW8WUfZ+pWVZA50+3Frk9kB7WUrEG9kvw Date: Mon, 12 Feb 2024 17:14:25 +0000 Message-ID: References: <6bc418560bcad8a3f9647d658d7b99110198e94e.1707534069.git.doug.edk2@gmail.com> In-Reply-To: <6bc418560bcad8a3f9647d658d7b99110198e94e.1707534069.git.doug.edk2@gmail.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: SN7PR11MB8281:EE_|PH0PR11MB4789:EE_ x-ms-office365-filtering-correlation-id: 86e42406-a6a3-4746-f0eb-08dc2bee1005 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam-message-info: JftdpnEqXg1gFM+7IMOBPPWErufImpp4BitWBkEk1w1ovePMvDyxcG4ZezC/5aabceB0vER3031nhBVXvi6yGjAVwOwEqBQXg/gVZy1q3tH6TGi575YecysXUDusdxwVv71yiK3SrooFnHq/6CtwH4QKFlX/gQdKf/VXOGoLoYaA/9Q9bn2B2yLrasB+/Ja33xbEXLufamDCbp4AuElviDx5vyiQFowsyB1/JqOWR+zB49adk+JhKylVOkQNJJh3atZrk6Cx/dH7f4aNil5iNHhFfQkXzxgHlrVzEGWgb2FeifEpiTZ5Wvm4Hjswz5Cjj3ygSWD9ifXf1fklhBeqf63Rw7FbMN5IbaTRtCKJxODe8UdzDIgs+bg/KiBzf+cKCjStRcAboEyxAjLeRuAjvGyCvAQWuHvufUFC4tSh/z8Sthoa/cc03frf2XkCweE4oLxdXBsIl/0nWgq879qJoisog8J4KefSmr+gNiavWIieSqVrVQm42U8X8jCMxVPIoNOc98TFxWQyXogad2BV8NeJbMC4LDf+CklsMjZVsiYPXKSTqO66Cr68Zdj714rQxqaBRkRVADSoHpurHZkRA3BjguRLCpH6V8MVOdSNXZ5JQwvje31CEQ1mvNkixNPJ x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?p//yXUtYI5lz6V34S0hHsjQMeD27jNis/i0sbTo3iI0ISKaWJHuV3UPUeJiB?= =?us-ascii?Q?JdEScBwG7IWHC+l3YriDkd7vdZYXDvz5yS89ZTmIinwijTwJMyLaJ7YRhoDe?= =?us-ascii?Q?dyRvunZrYUkmvMMydfInfRIysSEyU2P+l/mb0SmmuU5PXbZ7o4ju2eb55Mmu?= =?us-ascii?Q?8EBFG7ZSqj9iXBjBj4hnzu5Ef1HqC0liok4Y/ZY0VaZXslmE+jjfiw/plyFr?= =?us-ascii?Q?ofSZ94kYvSahbdb4/yFqL2STqbTA8hFgcuohkkr+P9oFeNQ2AfC/AczK+O6Z?= =?us-ascii?Q?+gxBzLH4WMEBH6GktcqTXachgdBY4IdIQ/Ej1ejX66SmvyISUPlVdqgM+fEs?= =?us-ascii?Q?YEE851UJZgHSZqEr8ttRIJY/LyBQf9U5pCow3srYLhhB265xE7fWgVEjevwN?= =?us-ascii?Q?KU4D4ZQikt5/YcOP0U5kkehtVP1MgCWQIs0BJd59aGtyg+U7uSwpC9QXB2Dq?= =?us-ascii?Q?Q+NFfwPj7uk8/pl/9rP/H9ZSpAqHPHSVO2u+ljvvk2Rcyo0khIQDq+wiHwdn?= =?us-ascii?Q?GJQyzBxCyw4hqa+2nyP0nKomyxSVwZgsf6HF0cGLo1/8EK2+F2LjgjtnKNXu?= =?us-ascii?Q?QshO370oQvn3HLuyvG1RWbubNnsn9VakRxmme7zeslkS0NkyVQS5RMKQa+fn?= =?us-ascii?Q?//1g/sLE9689bLfN/ftEMhNJMH4ZOR3HqPE3eG9iLsC5LRhBbqE/nQq43kQj?= =?us-ascii?Q?SHNgkztUUT2OPH+B/BSqLI6/OThFxVA0BAdppQfoBr0BUCvtPTjSCbNIMf/2?= =?us-ascii?Q?Ij8pG8dYOj4KlGovryt+rpG8NlshBdQ5YeC2Qiwe1g4uS+o9rfoEkiobB+ms?= =?us-ascii?Q?ZKR9wjHs6/t5o4qHLo6aK6iNYjU+8Ygsv4aFNQxxL7H3FCaQH55HYP5fMXuO?= =?us-ascii?Q?vxFT9/vm+HGfjMvGKZF73/ivlHpc2dnyWwO0pcPZwH4s8FmYsW3j5uWDUMcA?= =?us-ascii?Q?3fxlGnjMyI7RDJPIt0czJ3dEs4mXC+i43lAFLBEjFSOLTIemchDwk05fCL8v?= =?us-ascii?Q?xlSlXe/Dj+oDOXHE7xQLz/K9fT8g/e3vkSzG5Op0mcJX5jSv+aFrqAH1yzg8?= =?us-ascii?Q?obtANEfZuXQSVKSJhJRHv0j7wmkU092v5jM2jz+7y6vnNc+pwAlCzaloVtvj?= =?us-ascii?Q?WPHYCtIrUr1Rwgr6sRN8IY7JPHmQea7Hn1cpfn8/G/W3YWNtxuWn1iyCNGHq?= =?us-ascii?Q?uwoheYDTIQM63W1LfJEncgL1eNMeqfwoC4h9JOOI3/zY6ZcKvK4EOIgOk3bD?= =?us-ascii?Q?JpAd23lLn0LNwh7w3uDLCZ8bGUHjKY+yH8L74Ptj3GuM6/Rp27ttg/S8XvKz?= =?us-ascii?Q?ONA5HgGGvb4lKpxE+xx/NKEc79wgZrVoeh5ZAeFrm8TmpCPMPWlNl5p5VUz0?= =?us-ascii?Q?bJARTiFnPu33Ku6G2MdDbJiHvg2xn2fpABH45ByF42I72YDtXwqJXsybgEvq?= =?us-ascii?Q?9PxEFTSFtFN7WNzICrKfpyxkQYozgZwdcdnjJu+uFFPwoQrdQ/NCJJlxUwBa?= =?us-ascii?Q?BK5BBD008gmMlNe5GuZ4c3Wfo/mE9Y2/enQwA26f/tVfhupRqqwncENDecdn?= =?us-ascii?Q?l37ASb6xP60z1glvXlon1sc4kIWLnk5UBPm1sRps?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: SN7PR11MB8281.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 86e42406-a6a3-4746-f0eb-08dc2bee1005 X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Feb 2024 17:14:25.0259 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: YwUbbkFjwh0PCFi0YVQOPhYHQu7wbdszfvplgp4v9LN7pT+74zBw51yU7d87EMdAVOVfRK7xE6/3qxmdVCuOCfSXUMCMjGnRcz3lGPKvtpE= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB4789 X-OriginatorOrg: intel.com Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,saloni.kasbekar@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: waTMlCA8tA5n0p9y8Sdi5xk6x7686176AA= Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=Z50vywbR; arc=reject ("signature check failed: fail, {[1] = sig:microsoft.com:reject}"); dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io Reviewed-by: Saloni Kasbekar -----Original Message----- From: Douglas Flick [MSFT] =20 Sent: Friday, February 9, 2024 7:05 PM To: devel@edk2.groups.io Cc: Doug Flick ; Kasbekar, Saloni ; Clark-williams, Zachary ; An= drew Fish ; Leif Lindholm ; Kin= ney, Michael D ; Doug Flick [MSFT] Subject: [PATCH 3/3] [edk2-stable202402] NetworkPkg: : Updating SecurityFix= es.yaml From: Doug Flick This captures the related security change for Dhcp6Dxe that is related to C= VE-2023-45229 Cc: Saloni Kasbekar Cc: Zachary Clark-williams Cc: Andrew Fish Cc: Leif Lindholm Cc: Michael D Kinney Signed-off-by: Doug Flick [MSFT] --- NetworkPkg/SecurityFixes.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/NetworkPkg/SecurityFixes.yaml b/NetworkPkg/SecurityFixes.yaml = index 7e900483fec5..fa42025e0d82 100644 --- a/NetworkPkg/SecurityFixes.yaml +++ b/NetworkPkg/SecurityFixes.yaml @@ -8,6 +8,7 @@ CVE_2023_45229: commit_titles: - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-4522= 9 Patch" - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Unit Te= sts"+ - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Related Pat= ch" cve: CVE-2023-45229 date_reported: 2023-08-28 13:56 UTC descripti= on: "Bug 01 - edk2/NetworkPkg: Out-of-bounds read when processing IA_NA/IA_= TA options in a DHCPv6 Advertise message"--=20 2.43.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#115365): https://edk2.groups.io/g/devel/message/115365 Mute This Topic: https://groups.io/mt/104272128/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-