edk2/edk2-SecurityPkg-Updating-SecurityFixes.yaml-after-symbol.patch

From fa892c7112cfb5aa742f358544da3788a831e431 Mon Sep 17 00:00:00 2001
From: Jon Maloy <jmaloy@redhat.com>
Date: Tue, 13 Feb 2024 16:30:10 -0500
Subject: [PATCH 13/17] SecurityPkg: : Updating SecurityFixes.yaml after symbol
 rename

RH-Author: Jon Maloy <jmaloy@redhat.com>
RH-MergeRequest: 44: edk2: heap buffer overflow in Tcg2MeasureGptTable()
RH-Jira: RHEL-21154 RHEL-21156
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Commit: [13/13] 3bf59dbb583b67eddb54361781054cc650398309 (jmaloy/jons_fork)

JIRA: https://issues.redhat.com/browse/RHEL-21156
CVE: CVE-2022-36764
Upstream: Merged

commit 264636d8e6983e0f6dc6be2fca9d84ec81315954
Author: Doug Flick <dougflick@microsoft.com>
Date:   Wed Jan 17 14:47:22 2024 -0800

    SecurityPkg: : Updating SecurityFixes.yaml after symbol rename

    Adding the new commit titles for the symbol renames

    Cc: Jiewen Yao <jiewen.yao@intel.com>
    Cc: Rahul Kumar <rahul1.kumar@intel.com>

    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
    Message-Id: <5e0e851e97459e183420178888d4fcdadc2f1ae1.1705529990.git.doug.edk2@gmail.com>
    Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>

Signed-off-by: Jon Maloy <jmaloy@redhat.com>
---
 SecurityPkg/SecurityFixes.yaml | 31 ++++++++++++++++++++++++++-----
 1 file changed, 26 insertions(+), 5 deletions(-)

diff --git a/SecurityPkg/SecurityFixes.yaml b/SecurityPkg/SecurityFixes.yaml
index f9e3e7be74..dc1bb83489 100644
--- a/SecurityPkg/SecurityFixes.yaml
+++ b/SecurityPkg/SecurityFixes.yaml
@@ -9,14 +9,35 @@ CVE_2022_36763:
     - "SecurityPkg: DxeTpm2Measurement: SECURITY PATCH 4117 - CVE 2022-36763"
     - "SecurityPkg: DxeTpmMeasurement: SECURITY PATCH 4117 - CVE 2022-36763"
     - "SecurityPkg: : Adding CVE 2022-36763 to SecurityFixes.yaml"
+    - "SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4117/4118 symbol rename"
+    - "SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4117/4118 symbol rename"
+    - "SecurityPkg: : Updating SecurityFixes.yaml after symbol rename"
   cve: CVE-2022-36763
   date_reported: 2022-10-25 11:31 UTC
   description: (CVE-2022-36763) - Heap Buffer Overflow in Tcg2MeasureGptTable()
   note: This patch is related to and supersedes TCBZ2168
   files_impacted:
-  - Library\DxeTpm2MeasureBootLib\DxeTpm2MeasureBootLib.c
-  - Library\DxeTpmMeasureBootLib\DxeTpmMeasureBootLib.c
+    - Library\DxeTpm2MeasureBootLib\DxeTpm2MeasureBootLib.c
+    - Library\DxeTpmMeasureBootLib\DxeTpmMeasureBootLib.c
   links:
-  - https://bugzilla.tianocore.org/show_bug.cgi?id=4117
-  - https://bugzilla.tianocore.org/show_bug.cgi?id=2168
-  - https://bugzilla.tianocore.org/show_bug.cgi?id=1990
+    - https://bugzilla.tianocore.org/show_bug.cgi?id=4117
+    - https://bugzilla.tianocore.org/show_bug.cgi?id=2168
+    - https://bugzilla.tianocore.org/show_bug.cgi?id=1990
+CVE_2022_36764:
+  commit_titles:
+    - "SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4118 - CVE 2022-36764"
+    - "SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4118 - CVE 2022-36764"
+    - "SecurityPkg: : Adding CVE 2022-36764 to SecurityFixes.yaml"
+    - "SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4117/4118 symbol rename"
+    - "SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4117/4118 symbol rename"
+    - "SecurityPkg: : Updating SecurityFixes.yaml after symbol rename"
+  cve: CVE-2022-36764
+  date_reported: 2022-10-25 12:23 UTC
+  description: Heap Buffer Overflow in Tcg2MeasurePeImage()
+  note:
+  files_impacted:
+    - Library\DxeTpm2MeasureBootLib\DxeTpm2MeasureBootLib.c
+    - Library\DxeTpmMeasureBootLib\DxeTpmMeasureBootLib.c
+  links:
+    - https://bugzilla.tianocore.org/show_bug.cgi?id=4118
+
-- 
2.41.0
* Wed Feb 14 2024 Jon Maloy <jmaloy@redhat.com> - 20220126gitbb1bba3d77-11 - edk2-SecurityPkg-Change-use-of-EFI_D_-to-DEBUG_.patch [RHEL-21154 RHEL-21156] - edk2-SecurityPkg-Change-OPTIONAL-keyword-usage-style.patch [RHEL-21154 RHEL-21156] - edk2-MdePkg-Introduce-CcMeasurementProtocol-for-CC-Guest-.patch [RHEL-21154 RHEL-21156] - edk2-SecurityPkg-Support-CcMeasurementProtocol-in-DxeTpm2.patch [RHEL-21154 RHEL-21156] - edk2-SecurityPkg-Support-CcMeasurementProtocol-in-DxeTpmM.patch [RHEL-21154 RHEL-21156] - edk2-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-411.patch [RHEL-21154 RHEL-21156] - edk2-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4117.patch [RHEL-21154 RHEL-21156] - edk2-SecurityPkg-Adding-CVE-2022-36763-to-SecurityFixes.y.patch [RHEL-21154 RHEL-21156] - edk2-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-418.patch [RHEL-21154 RHEL-21156] - edk2-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4118.patch [RHEL-21154 RHEL-21156] - edk2-SecurityPkg-DxeTpm2MeasureBootLib-SEC-PATCH-4118-2.patch [RHEL-21154 RHEL-21156] - edk2-SecurityPkg-DxeTpmMeasureBootLib-SEC-PATCH-4117-2.patch [RHEL-21154 RHEL-21156] - edk2-SecurityPkg-Updating-SecurityFixes.yaml-after-symbol.patch [RHEL-21154 RHEL-21156] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Pa.patch [RHEL-21840 RHEL-21842] - edk2-NetworkPkg-Add-Unit-tests-to-CI-and-create-Host-Test.patch [RHEL-21840 RHEL-21842] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Un.patch [RHEL-21840 RHEL-21842] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Pa.patch [RHEL-21840 RHEL-21842] - Resolves: RHEL-21154 (CVE-2022-36763 edk2: heap buffer overflow in Tcg2MeasureGptTable() [rhel-8]) - Resolves: RHEL-21156 (CVE-2022-36764 edk2: heap buffer overflow in Tcg2MeasurePeImage() [rhel-8]) - Resolves: RHEL-21840 (CVE-2023-45229 edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message [rhel-8]) - Resolves: RHEL-21842 (CVE-2023-45230 edk2: Buffer overflow in the DHCPv6 client via a long Server ID option [rhel-8]) 2024-02-14 16:57:41 +00:00			`From fa892c7112cfb5aa742f358544da3788a831e431 Mon Sep 17 00:00:00 2001`
			`From: Jon Maloy <jmaloy@redhat.com>`
			`Date: Tue, 13 Feb 2024 16:30:10 -0500`
			`Subject: [PATCH 13/17] SecurityPkg: : Updating SecurityFixes.yaml after symbol`
			`rename`

			`RH-Author: Jon Maloy <jmaloy@redhat.com>`
			`RH-MergeRequest: 44: edk2: heap buffer overflow in Tcg2MeasureGptTable()`
			`RH-Jira: RHEL-21154 RHEL-21156`
			`RH-Acked-by: Laszlo Ersek <lersek@redhat.com>`
			`RH-Commit: [13/13] 3bf59dbb583b67eddb54361781054cc650398309 (jmaloy/jons_fork)`

			`JIRA: https://issues.redhat.com/browse/RHEL-21156`
			`CVE: CVE-2022-36764`
			`Upstream: Merged`

			`commit 264636d8e6983e0f6dc6be2fca9d84ec81315954`
			`Author: Doug Flick <dougflick@microsoft.com>`
			`Date: Wed Jan 17 14:47:22 2024 -0800`

			`SecurityPkg: : Updating SecurityFixes.yaml after symbol rename`

			`Adding the new commit titles for the symbol renames`

			`Cc: Jiewen Yao <jiewen.yao@intel.com>`
			`Cc: Rahul Kumar <rahul1.kumar@intel.com>`

			`Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>`
			`Message-Id: <5e0e851e97459e183420178888d4fcdadc2f1ae1.1705529990.git.doug.edk2@gmail.com>`
			`Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>`

			`Signed-off-by: Jon Maloy <jmaloy@redhat.com>`
			`---`
			`SecurityPkg/SecurityFixes.yaml \| 31 ++++++++++++++++++++++++++-----`
			`1 file changed, 26 insertions(+), 5 deletions(-)`

			`diff --git a/SecurityPkg/SecurityFixes.yaml b/SecurityPkg/SecurityFixes.yaml`
			`index f9e3e7be74..dc1bb83489 100644`
			`--- a/SecurityPkg/SecurityFixes.yaml`
			`+++ b/SecurityPkg/SecurityFixes.yaml`
			`@@ -9,14 +9,35 @@ CVE_2022_36763:`
			`- "SecurityPkg: DxeTpm2Measurement: SECURITY PATCH 4117 - CVE 2022-36763"`
			`- "SecurityPkg: DxeTpmMeasurement: SECURITY PATCH 4117 - CVE 2022-36763"`
			`- "SecurityPkg: : Adding CVE 2022-36763 to SecurityFixes.yaml"`
			`+ - "SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4117/4118 symbol rename"`
			`+ - "SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4117/4118 symbol rename"`
			`+ - "SecurityPkg: : Updating SecurityFixes.yaml after symbol rename"`
			`cve: CVE-2022-36763`
			`date_reported: 2022-10-25 11:31 UTC`
			`description: (CVE-2022-36763) - Heap Buffer Overflow in Tcg2MeasureGptTable()`
			`note: This patch is related to and supersedes TCBZ2168`
			`files_impacted:`
			`- - Library\DxeTpm2MeasureBootLib\DxeTpm2MeasureBootLib.c`
			`- - Library\DxeTpmMeasureBootLib\DxeTpmMeasureBootLib.c`
			`+ - Library\DxeTpm2MeasureBootLib\DxeTpm2MeasureBootLib.c`
			`+ - Library\DxeTpmMeasureBootLib\DxeTpmMeasureBootLib.c`
			`links:`
			`- - https://bugzilla.tianocore.org/show_bug.cgi?id=4117`
			`- - https://bugzilla.tianocore.org/show_bug.cgi?id=2168`
			`- - https://bugzilla.tianocore.org/show_bug.cgi?id=1990`
			`+ - https://bugzilla.tianocore.org/show_bug.cgi?id=4117`
			`+ - https://bugzilla.tianocore.org/show_bug.cgi?id=2168`
			`+ - https://bugzilla.tianocore.org/show_bug.cgi?id=1990`
			`+CVE_2022_36764:`
			`+ commit_titles:`
			`+ - "SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4118 - CVE 2022-36764"`
			`+ - "SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4118 - CVE 2022-36764"`
			`+ - "SecurityPkg: : Adding CVE 2022-36764 to SecurityFixes.yaml"`
			`+ - "SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4117/4118 symbol rename"`
			`+ - "SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4117/4118 symbol rename"`
			`+ - "SecurityPkg: : Updating SecurityFixes.yaml after symbol rename"`
			`+ cve: CVE-2022-36764`
			`+ date_reported: 2022-10-25 12:23 UTC`
			`+ description: Heap Buffer Overflow in Tcg2MeasurePeImage()`
			`+ note:`
			`+ files_impacted:`
			`+ - Library\DxeTpm2MeasureBootLib\DxeTpm2MeasureBootLib.c`
			`+ - Library\DxeTpmMeasureBootLib\DxeTpmMeasureBootLib.c`
			`+ links:`
			`+ - https://bugzilla.tianocore.org/show_bug.cgi?id=4118`
			`+`
			`--`
			`2.41.0`