From fa892c7112cfb5aa742f358544da3788a831e431 Mon Sep 17 00:00:00 2001 From: Jon Maloy Date: Tue, 13 Feb 2024 16:30:10 -0500 Subject: [PATCH 13/17] SecurityPkg: : Updating SecurityFixes.yaml after symbol rename RH-Author: Jon Maloy RH-MergeRequest: 44: edk2: heap buffer overflow in Tcg2MeasureGptTable() RH-Jira: RHEL-21154 RHEL-21156 RH-Acked-by: Laszlo Ersek RH-Commit: [13/13] 3bf59dbb583b67eddb54361781054cc650398309 (jmaloy/jons_fork) JIRA: https://issues.redhat.com/browse/RHEL-21156 CVE: CVE-2022-36764 Upstream: Merged commit 264636d8e6983e0f6dc6be2fca9d84ec81315954 Author: Doug Flick Date: Wed Jan 17 14:47:22 2024 -0800 SecurityPkg: : Updating SecurityFixes.yaml after symbol rename Adding the new commit titles for the symbol renames Cc: Jiewen Yao Cc: Rahul Kumar Signed-off-by: Doug Flick [MSFT] Message-Id: <5e0e851e97459e183420178888d4fcdadc2f1ae1.1705529990.git.doug.edk2@gmail.com> Reviewed-by: Jiewen Yao Signed-off-by: Jon Maloy --- SecurityPkg/SecurityFixes.yaml | 31 ++++++++++++++++++++++++++----- 1 file changed, 26 insertions(+), 5 deletions(-) diff --git a/SecurityPkg/SecurityFixes.yaml b/SecurityPkg/SecurityFixes.yaml index f9e3e7be74..dc1bb83489 100644 --- a/SecurityPkg/SecurityFixes.yaml +++ b/SecurityPkg/SecurityFixes.yaml @@ -9,14 +9,35 @@ CVE_2022_36763: - "SecurityPkg: DxeTpm2Measurement: SECURITY PATCH 4117 - CVE 2022-36763" - "SecurityPkg: DxeTpmMeasurement: SECURITY PATCH 4117 - CVE 2022-36763" - "SecurityPkg: : Adding CVE 2022-36763 to SecurityFixes.yaml" + - "SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4117/4118 symbol rename" + - "SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4117/4118 symbol rename" + - "SecurityPkg: : Updating SecurityFixes.yaml after symbol rename" cve: CVE-2022-36763 date_reported: 2022-10-25 11:31 UTC description: (CVE-2022-36763) - Heap Buffer Overflow in Tcg2MeasureGptTable() note: This patch is related to and supersedes TCBZ2168 files_impacted: - - Library\DxeTpm2MeasureBootLib\DxeTpm2MeasureBootLib.c - - Library\DxeTpmMeasureBootLib\DxeTpmMeasureBootLib.c + - Library\DxeTpm2MeasureBootLib\DxeTpm2MeasureBootLib.c + - Library\DxeTpmMeasureBootLib\DxeTpmMeasureBootLib.c links: - - https://bugzilla.tianocore.org/show_bug.cgi?id=4117 - - https://bugzilla.tianocore.org/show_bug.cgi?id=2168 - - https://bugzilla.tianocore.org/show_bug.cgi?id=1990 + - https://bugzilla.tianocore.org/show_bug.cgi?id=4117 + - https://bugzilla.tianocore.org/show_bug.cgi?id=2168 + - https://bugzilla.tianocore.org/show_bug.cgi?id=1990 +CVE_2022_36764: + commit_titles: + - "SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4118 - CVE 2022-36764" + - "SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4118 - CVE 2022-36764" + - "SecurityPkg: : Adding CVE 2022-36764 to SecurityFixes.yaml" + - "SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4117/4118 symbol rename" + - "SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4117/4118 symbol rename" + - "SecurityPkg: : Updating SecurityFixes.yaml after symbol rename" + cve: CVE-2022-36764 + date_reported: 2022-10-25 12:23 UTC + description: Heap Buffer Overflow in Tcg2MeasurePeImage() + note: + files_impacted: + - Library\DxeTpm2MeasureBootLib\DxeTpm2MeasureBootLib.c + - Library\DxeTpmMeasureBootLib\DxeTpmMeasureBootLib.c + links: + - https://bugzilla.tianocore.org/show_bug.cgi?id=4118 + -- 2.41.0