edk2/0014-SecurityPkg-Adding-CVE-2022-36763-to-SecurityFixes.y.patch

From 44c29a76c7bba325ba55b41811e5bbe22d1552a7 Mon Sep 17 00:00:00 2001
From: "Douglas Flick [MSFT]" <doug.edk2@gmail.com>
Date: Fri, 12 Jan 2024 02:16:03 +0800
Subject: [PATCH 03/10] SecurityPkg: : Adding CVE 2022-36763 to
 SecurityFixes.yaml

This creates / adds a security file that tracks the security fixes
found in this package and can be used to find the fixes that were
applied.

Cc: Jiewen Yao <jiewen.yao@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

reference: https://github.com/tianocore/edk2/pull/5264
Signed-off-by: yexiao <yexiao7@huawei.com>
---
 SecurityPkg/SecurityFixes.yaml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 SecurityPkg/SecurityFixes.yaml

diff --git a/SecurityPkg/SecurityFixes.yaml b/SecurityPkg/SecurityFixes.yaml
new file mode 100644
index 00000000..36ac267e
--- /dev/null
+++ b/SecurityPkg/SecurityFixes.yaml
@@ -0,0 +1,22 @@
+## @file
+# Security Fixes for SecurityPkg
+#
+# Copyright (c) Microsoft Corporation
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+CVE_2022_36763:
+  commit_titles:
+    - "SecurityPkg: DxeTpm2Measurement: SECURITY PATCH 4117 - CVE 2022-36763"
+    - "SecurityPkg: DxeTpmMeasurement: SECURITY PATCH 4117 - CVE 2022-36763"
+    - "SecurityPkg: : Adding CVE 2022-36763 to SecurityFixes.yaml"
+  cve: CVE-2022-36763
+  date_reported: 2022-10-25 11:31 UTC
+  description: (CVE-2022-36763) - Heap Buffer Overflow in Tcg2MeasureGptTable()
+  note: This patch is related to and supersedes TCBZ2168
+  files_impacted:
+  - Library\DxeTpm2MeasureBootLib\DxeTpm2MeasureBootLib.c
+  - Library\DxeTpmMeasureBootLib\DxeTpmMeasureBootLib.c
+  links:
+  - https://bugzilla.tianocore.org/show_bug.cgi?id=4117
+  - https://bugzilla.tianocore.org/show_bug.cgi?id=2168
+  - https://bugzilla.tianocore.org/show_bug.cgi?id=1990
-- 
2.33.0