Format: 1.8
Date: Sat, 20 Jan 2024 09:13:36 -0700
Source: edk2
Architecture: source
Version: 2023.11-5
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: dann frazier <dannf@debian.org>
Closes: 1060408
Changes:
 edk2 (2023.11-5) unstable; urgency=medium
 .
   * Cherry-pick security fixes from upstream (Closes: #1060408):
     - Fix heap buffer overflow in Tcg2MeasureGptTable(), CVE-2022-36763
       + 0001-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-411.patch
       + 0002-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4117.patch
       + 0003-SecurityPkg-Adding-CVE-2022-36763-to-SecurityFixes.y.patch
     - Fix heap buffer overflow in Tcg2MeasurePeImage(), CVE-2022-36764
       + 0001-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-411-2.patch
       + 0002-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4118.patch
       + 0003-SecurityPkg-Adding-CVE-2022-36764-to-SecurityFixes.y.patch
     - Fix build failure due to symbol collision in above patches:
       + 0001-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-411-3.patch
       + 0002-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4117-2.patch
       + 0003-SecurityPkg-Updating-SecurityFixes.yaml-after-symbol.patch
     - Fix integer overflow in CreateHob(), CVE-2022-36765
       + 0001-UefiPayloadPkg-Hob-Integer-Overflow-in-CreateHob.patch