SecurityPkg: : Adding CVE 2022-36763 to SecurityFixes.yaml

This creates / adds a security file that tracks the security fixes
found in this package and can be used to find the fixes that were
applied.

Cc: Jiewen Yao <jiewen.yao@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

1 files changed, 22 insertions, 0 deletions

diff --git a/SecurityPkg/SecurityFixes.yaml b/SecurityPkg/SecurityFixes.yaml
new file mode 100644
index 0000000000..f9e3e7be74
--- /dev/null
+++ b/SecurityPkg/SecurityFixes.yaml
@@ -0,0 +1,22 @@
+## @file

+# Security Fixes for SecurityPkg

+#

+# Copyright (c) Microsoft Corporation

+# SPDX-License-Identifier: BSD-2-Clause-Patent

+##

+CVE_2022_36763:

+  commit_titles:

+    - "SecurityPkg: DxeTpm2Measurement: SECURITY PATCH 4117 - CVE 2022-36763"

+    - "SecurityPkg: DxeTpmMeasurement: SECURITY PATCH 4117 - CVE 2022-36763"

+    - "SecurityPkg: : Adding CVE 2022-36763 to SecurityFixes.yaml"

+  cve: CVE-2022-36763

+  date_reported: 2022-10-25 11:31 UTC

+  description: (CVE-2022-36763) - Heap Buffer Overflow in Tcg2MeasureGptTable()

+  note: This patch is related to and supersedes TCBZ2168

+  files_impacted:

+  - Library\DxeTpm2MeasureBootLib\DxeTpm2MeasureBootLib.c

+  - Library\DxeTpmMeasureBootLib\DxeTpmMeasureBootLib.c

+  links:

+  - https://bugzilla.tianocore.org/show_bug.cgi?id=4117

+  - https://bugzilla.tianocore.org/show_bug.cgi?id=2168

+  - https://bugzilla.tianocore.org/show_bug.cgi?id=1990