Format: 1.8
Date: Sat, 10 Feb 2024 14:02:37 -0700
Source: edk2
Architecture: source
Version: 2023.11-6
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: dann frazier <dannf@debian.org>
Changes:
 edk2 (2023.11-6) unstable; urgency=medium
 .
   * Cherry-pick security fixes from upstream:
     - Fix a buffer overflow via a long server ID option in DHCPv6
       client, CVE-2023-45230:
       + 0001-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Pa.patch
       + 0002-NetworkPkg-Add-Unit-tests-to-CI-and-create-Host-Test.patch
       + 0003-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Un.patch
     - Fix an out-of-bounds read vulnerability when processing the IA_NA
       or IA_TA option in a DHCPv6 Advertise message, CVE-2023-45229:
       + 0004-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Pa.patch
       + 0005-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Un.patch
     - Fix an out-of-bounds read when processing Neighbor Discovery
       Redirect messages, CVE-2023-45231:
       + 0006-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Patc.patch
       + 0007-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Unit.patch
     - Avoid an infinite loop when parsing unknown options in the
       Destination Options header of IPv6, CVE-2023-45232:
       + 0008-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Patc.patch
       + 0009-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Unit.patch
     - Avoid an infinite loop when parsing a PadN option in the
       Destination Options header of IPv6, CVE-2023-45233:
       + 0010-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch
       + 0011-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch
     - Fix a potential buffer overflow when processing a DNS Servers
       option from a DHCPv6 Advertise message, CVE-2023-45234:
       + 0013-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch
     - Fix a potential buffer overflow when handling a Server ID option
       from a DHCPv6 proxy Advertise message, CVE-2023-45235:
       + 0012-MdePkg-Test-Add-gRT_GetTime-Google-Test-Mock.patch
       + 0014-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch
     - Record fixes in a SecurityFix.yaml file:
       + 0015-NetworkPkg-Adds-a-SecurityFix.yaml-file.patch
Checksums-Sha1:
 efe901748e69cd5ff4c7761c67d50ff48d287ed8 3053 edk2_2023.11-6.dsc
 1f334c2b8df828854d68290b7f70d18571c37234 79492 edk2_2023.11-6.debian.tar.xz
 9f23085ca821e6286a4966fdee0348e8648ab854 11970 edk2_2023.11-6_source.buildinfo
Checksums-Sha256:
 10e38ea1ba032b86e3e7d52c15594cb63a0788e205f0d388a768c30734f53d6c 3053 edk2_2023.11-6.dsc
 e77c559a2c091524fd217e040961e4b1fbe7cb2a6c0ae03482276c792369b231 79492 edk2_2023.11-6.debian.tar.xz
 982faaadb5bc34eff4d52bb5ddd3ec911d0e630975509c2a935a067c963e7f5f 11970 edk2_2023.11-6_source.buildinfo
Files:
 bedad59fdd49f5aad9e4a8f421a22177 3053 misc optional edk2_2023.11-6.dsc
 cee0dd37f0c6990d7e3199a4abc5de86 79492 misc optional edk2_2023.11-6.debian.tar.xz
 e746f96110cba73486ce5e4d208e993e 11970 misc optional edk2_2023.11-6_source.buildinfo