[ubuntu/questing-proposed] libtpms 0.9.3-0ubuntu5 (Accepted)

Thu Jul 3 17:31:14 UTC 2025

libtpms (0.9.3-0ubuntu5) questing; urgency=medium

  * SECURITY UPDATE: Out of bounds access, denial of service
    - debian/patches/CVE-2025-49133.patch: Fix potential out-of-
      bound access & abort due to HMAC signing issue in tpm2/CryptUtil.c
    - CVE-2025-49133
  * debian/patches/do_not_inline_makeiv.patch: updated patch to set noinline
    attribute for all arch's instead of just ppc64 to fix compiler warning
    causing ftbfs in tpm2/AlgorithmTests.c
  * debian/patches/fix_ftbfs_crpytomacend.patch: add assertions to quiet
    compiler warning causing ftbfs in tpm2/crypto/openssl/CryptCmacEnd.c

Date: Wed, 25 Jun 2025 11:54:50 -0700
Changed-By: Elise Hlady <elise.hlady at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/libtpms/0.9.3-0ubuntu5
-------------- next part --------------
Format: 1.8
Date: Wed, 25 Jun 2025 11:54:50 -0700
Source: libtpms
Built-For-Profiles: noudeb
Architecture: source
Version: 0.9.3-0ubuntu5
Distribution: questing
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Elise Hlady <elise.hlady at canonical.com>
Changes:
 libtpms (0.9.3-0ubuntu5) questing; urgency=medium
 .
   * SECURITY UPDATE: Out of bounds access, denial of service
     - debian/patches/CVE-2025-49133.patch: Fix potential out-of-
       bound access & abort due to HMAC signing issue in tpm2/CryptUtil.c
     - CVE-2025-49133
   * debian/patches/do_not_inline_makeiv.patch: updated patch to set noinline
     attribute for all arch's instead of just ppc64 to fix compiler warning
     causing ftbfs in tpm2/AlgorithmTests.c
   * debian/patches/fix_ftbfs_crpytomacend.patch: add assertions to quiet
     compiler warning causing ftbfs in tpm2/crypto/openssl/CryptCmacEnd.c
Checksums-Sha1:
 dbfc2fb47d3aa13d753ecd39c5dd096bc326cdd8 2090 libtpms_0.9.3-0ubuntu5.dsc
 9301bb2177a5e68d3eb39fc2957288ab83097f9d 16560 libtpms_0.9.3-0ubuntu5.debian.tar.xz
 ff154c86b416350f765b1ddb6593490e9ea5d575 6463 libtpms_0.9.3-0ubuntu5_source.buildinfo
Checksums-Sha256:
 8147e0cf61cfe2812a91260c10506e45757ea94f0d72a78dc427b919330e5098 2090 libtpms_0.9.3-0ubuntu5.dsc
 4d248f9b0e8fb526cb52835a8e144ce4ba9739fe295b12f4cf46b33dc46b81e8 16560 libtpms_0.9.3-0ubuntu5.debian.tar.xz
 88eb816387fcfa5d8e707d82bd22faac0a1855dfc41b2efbca9b385097df75aa 6463 libtpms_0.9.3-0ubuntu5_source.buildinfo
Files:
 24777b85359f8ee4516f219577d4667c 2090 libs optional libtpms_0.9.3-0ubuntu5.dsc
 5feb9be567dd0f7c769729568b202511 16560 libs optional libtpms_0.9.3-0ubuntu5.debian.tar.xz
 930b17e975856d031150b03c5e1a7575 6463 libs optional libtpms_0.9.3-0ubuntu5_source.buildinfo
Original-Maintainer: Seunghun Han <kkamagui at gmail.com>