packages/edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
edk2/0039-NetworkPkg-Updating-SecurityFixes.yaml.patch
yexiao e237463fd2 Fix som CVE 
Fix CVE-2023-45229、CVE-2023-45230、CVE-2023-45231、CVE-2023-45232、CVE-2023-45233、CVE-2023-45234、CVE-2023-45235

Signed-off-by: yexiao <yexiao7@huawei.com>
(cherry picked from commit aa6a1dc11863945714f63746d5f1159ed3ede3e7)
2024-03-18 10:53:43 +08:00

36 lines
1.4 KiB
Diff
Raw Permalink Blame History

From 07a04bb21a4c6c55aa63cfacdab3e621e847f951 Mon Sep 17 00:00:00 2001
From: Doug Flick <dougflick@microsoft.com>
Date: Tue, 13 Feb 2024 10:46:03 -0800
Subject: [PATCH 19/19] NetworkPkg: : Updating SecurityFixes.yaml
This captures the related security change for Dhcp6Dxe that is related
to CVE-2023-45229
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
Reviewed-by: Leif Lindholm <quic_llindhol@quicinc.com>
reference: https://github.com/tianocore/edk2/pull/5372
Signed-off-by: yexiao <yexiao7@huawei.com>
---
NetworkPkg/SecurityFixes.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/NetworkPkg/SecurityFixes.yaml b/NetworkPkg/SecurityFixes.yaml
index 0b37bbda..7d716ffc 100644
--- a/NetworkPkg/SecurityFixes.yaml
+++ b/NetworkPkg/SecurityFixes.yaml
@@ -8,6 +8,7 @@ CVE_2023_45229:
commit_titles:
- "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Patch"
- "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Unit Tests"
+ - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Related Patch"
cve: CVE-2023-45229
date_reported: 2023-08-28 13:56 UTC
description: "Bug 01 - edk2/NetworkPkg: Out-of-bounds read when processing IA_NA/IA_TA options in a DHCPv6 Advertise message"
--
2.33.0
Reference in New Issue View Git Blame Copy Permalink