[ubuntu/lunar-proposed] libtpms 0.9.3-0ubuntu2 (Accepted)

Rodrigo Figueiredo Zaiden rodrigo.zaiden at canonical.com
Mon Mar 6 12:34:15 UTC 2023 

libtpms (0.9.3-0ubuntu2) lunar; urgency=medium

  * SECURITY UPDATE: out-of-bounds read/write
    - debian/patches/CVE-2023-1017_1018.patch: add a buffer size check and
      properly reduce bufferSize variable by the number of bytes that make
      up the cipherSize in CryptParameterDecryption() in
      src/tpm2/CryptUtil.c
    - CVE-2023-1017
    - CVE-2023-1018
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/tpm2-Check-size-of-TPM2B_NAME.patch: add a buffer
      size check in TPM2_PolicyAuthorize() in src/tpm2/EACommands.c.
    - No CVE number

Date: Wed, 01 Mar 2023 18:23:14 -0300
Changed-By: Rodrigo Figueiredo Zaiden <rodrigo.zaiden at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/libtpms/0.9.3-0ubuntu2
-------------- next part --------------
Format: 1.8
Date: Wed, 01 Mar 2023 18:23:14 -0300
Source: libtpms
Built-For-Profiles: noudeb
Architecture: source
Version: 0.9.3-0ubuntu2
Distribution: lunar
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Rodrigo Figueiredo Zaiden <rodrigo.zaiden at canonical.com>
Changes:
 libtpms (0.9.3-0ubuntu2) lunar; urgency=medium
 .
   * SECURITY UPDATE: out-of-bounds read/write
     - debian/patches/CVE-2023-1017_1018.patch: add a buffer size check and
       properly reduce bufferSize variable by the number of bytes that make
       up the cipherSize in CryptParameterDecryption() in
       src/tpm2/CryptUtil.c
     - CVE-2023-1017
     - CVE-2023-1018
   * SECURITY UPDATE: out-of-bounds read
     - debian/patches/tpm2-Check-size-of-TPM2B_NAME.patch: add a buffer
       size check in TPM2_PolicyAuthorize() in src/tpm2/EACommands.c.
     - No CVE number
Checksums-Sha1:
 4574c4b263aca1bc2d35701e7a6c749d510e5fa3 2090 libtpms_0.9.3-0ubuntu2.dsc
 b180481a8de8e0dccafbd10a207e7e768457a529 13404 libtpms_0.9.3-0ubuntu2.debian.tar.xz
 e0bd651dd6eb1fbb9cff120b243af6e5802aae6e 6469 libtpms_0.9.3-0ubuntu2_source.buildinfo
Checksums-Sha256:
 e142435597bd8ed862071aef14f35ef61998ae60dd6e54e57e7872660301da7b 2090 libtpms_0.9.3-0ubuntu2.dsc
 fa96b9e544e6310fb3f2cc23be2af6cfd7871285ff89ae9164423d240e1cd979 13404 libtpms_0.9.3-0ubuntu2.debian.tar.xz
 838db5f0b3b5ecdbad730bef92d27fd9df28518e2d3d11d4ca99517207a3ab37 6469 libtpms_0.9.3-0ubuntu2_source.buildinfo
Files:
 3e4f29f32d86175a1db2dbc40cad1c1c 2090 libs optional libtpms_0.9.3-0ubuntu2.dsc
 0a0ceefc75555276b7799a6a4cefcb4f 13404 libs optional libtpms_0.9.3-0ubuntu2.debian.tar.xz
 07b30ce785eb1f3bbe618f2a19177084 6469 libs optional libtpms_0.9.3-0ubuntu2_source.buildinfo
Original-Maintainer: Seunghun Han <kkamagui at gmail.com>

More information about the lunar-changes mailing list