edk2/0017-SecurityPkg-Adding-CVE-2022-36764-to-SecurityFixes.y.patch

From 02c99cab3ac4b61a9e274e1db7802a06e772abaf Mon Sep 17 00:00:00 2001
From: "Douglas Flick [MSFT]" <doug.edk2@gmail.com>
Date: Fri, 12 Jan 2024 02:16:06 +0800
Subject: [PATCH 06/10] SecurityPkg: : Adding CVE 2022-36764 to
 SecurityFixes.yaml

This creates / adds a security file that tracks the security fixes
found in this package and can be used to find the fixes that were
applied.

Cc: Jiewen Yao <jiewen.yao@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

reference: https://github.com/tianocore/edk2/pull/5264
Signed-off-by: yexiao <yexiao7@huawei.com>
---
 SecurityPkg/SecurityFixes.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/SecurityPkg/SecurityFixes.yaml b/SecurityPkg/SecurityFixes.yaml
index 36ac267e..ceaaa256 100644
--- a/SecurityPkg/SecurityFixes.yaml
+++ b/SecurityPkg/SecurityFixes.yaml
@@ -20,3 +20,17 @@ CVE_2022_36763:
   - https://bugzilla.tianocore.org/show_bug.cgi?id=4117
   - https://bugzilla.tianocore.org/show_bug.cgi?id=2168
   - https://bugzilla.tianocore.org/show_bug.cgi?id=1990
+CVE_2022_36764:
+  commit_titles:
+     - "SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4118 - CVE 2022-36764"
+     - "SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4118 - CVE 2022-36764"
+     - "SecurityPkg: : Adding CVE 2022-36764 to SecurityFixes.yaml"
+  cve: CVE-2022-36764
+  date_reported: 2022-10-25 12:23 UTC
+  description: Heap Buffer Overflow in Tcg2MeasurePeImage()
+  note:
+  files_impacted:
+  - Library\DxeTpm2MeasureBootLib\DxeTpm2MeasureBootLib.c
+  - Library\DxeTpmMeasureBootLib\DxeTpmMeasureBootLib.c
+  links:
+  - https://bugzilla.tianocore.org/show_bug.cgi?id=4118
-- 
2.33.0