[Bug 1948748] Re: [MIR] swtpm

[Christian Ehrhardt ]

Thanks for the ping Seth
The fix for that is in:

commit 0f75b4baf272fd08e39d636e6c1f37585d752e1e
Author: Stefan Berger <stefanb at linux.ibm.com>
Date:   Wed Feb 16 11:17:47 2022 -0500

    swtpm: Check header size indicator against expected size (CID
375869)

But in fact swtpm has stable branches and 0.6.3 seems to be a safe fix-only update to what we have.
I'll try to prep that to then have Foundations sign-off and upload.

Bonus: the recent upload for the apparmor profiles has failed tests
(despite all pre-checks) and needs to be resolved anyway.

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-23645

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnutls28 in Ubuntu.
https://bugs.launchpad.net/bugs/1948748

Title:
  [MIR] swtpm

Status in autogen package in Ubuntu:
  Won't Fix
Status in gnutls28 package in Ubuntu:
  Won't Fix
Status in libtpms package in Ubuntu:
  New
Status in swtpm package in Ubuntu:
  New

Bug description:
  [Availability]
  Available in universe in jammy.

  [Rationale]
  Needed in order to provide TPM functionality to VMs through kvm/libvirt; should be a Recommends: of qemu-system-x86

  [Security]
  Several security bugs found and fixed in libtpms this year http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libtpms

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3746 currently
  remains unfixed in the version present in jammy (DoS bug).

  [Quality assurance]
  Limited history: package not present in Debian, and only in Ubuntu since jammy.

  [UI standards]
  N/A

  [Dependencies]
  swtpm and libtpms; no further dependencies outside of main.

  [Standards compliance]
  OK

  [Maintenance]
  To be maintained by the Foundations Team.

  [Background information]
  N/A

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/autogen/+bug/1948748/+subscriptions