Ubuntu
libtpms package

Change logs for libtpms source package in Jammy

  1. Jammy (22.04)
  2. Change log 
  • libtpms (0.9.3-0ubuntu1.22.04.1) jammy-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds read/write
    - debian/patches/CVE-2023-1017_1018.patch: add a buffer size check and
      properly reduce bufferSize variable by the number of bytes that make
      up the cipherSize in CryptParameterDecryption() in
      src/tpm2/CryptUtil.c
    - CVE-2023-1017
    - CVE-2023-1018
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/tpm2-Check-size-of-TPM2B_NAME.patch: add a buffer
      size check in TPM2_PolicyAuthorize() in src/tpm2/EACommands.c.
    - No CVE number

 -- Rodrigo Figueiredo Zaiden <email address hidden>  Wed, 01 Mar 2023 15:26:10 -0300
  • libtpms (0.9.3-0ubuntu1) jammy; urgency=medium

  * merge 0.9.3 from upstram to stabilize libtpms in jammy; related to
    but not fixing (LP: 1948748)
    - d/p/lp-1948748-tpm2-Address-Coverity-Issue-by-casting-1-before-shif.patch:
      avoid bad shift
    - drop d/p/fix-openssl3-compat.patch: part of 0.9.3
    - drop d/p/uninitialized-variable.patch: no more needed
    - ppc64 fixes from upstream as identified and added to debian 0.9.2-3
      + d/p/do_not_inline_makeiv.patch
      + d/p/no_local_check.patch
    - d/p/lp-1948748-tpm2-Check-return-code-of-BN_div.patch: fix
      coverity finding

 -- Christian Ehrhardt <email address hidden>  Wed, 30 Mar 2022 09:04:10 +0200
  • libtpms (0.9.0-0ubuntu4) jammy; urgency=medium

  * d/p/fix-openssl3-compat.patch: Cherry-picked from upstream (LP: #1962601)

 -- Simon Chopin <email address hidden>  Thu, 24 Mar 2022 19:11:59 +0100
  • libtpms (0.9.0-0ubuntu3) jammy; urgency=medium

  * No-change rebuild against openssl3

 -- Simon Chopin <email address hidden>  Wed, 24 Nov 2021 13:54:17 +0000
  • libtpms (0.9.0-0ubuntu2) jammy; urgency=medium

  * Add autopkgtest.

 -- Steve Langasek <email address hidden>  Fri, 05 Nov 2021 16:10:38 +0000
  • libtpms (0.9.0-0ubuntu1) jammy; urgency=medium

  * New upstream release.

 -- Steve Langasek <email address hidden>  Thu, 04 Nov 2021 14:46:26 -0700
  • libtpms (0.8.2-1ubuntu1) impish; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - debian/patches/uninitialized-variable.patch: fix issues of variables
      that may be used before initialization.

libtpms (0.8.2-1) unstable; urgency=medium

  * New upstream version 0.8.2
  * Fix a security issue, CVE-2021-3446 (Closes: #986799)
  * debian/patches: Remove some useless patches because of new upstream
    version
  * debian/copyright: Fix lintian issues

 -- Steve Langasek <email address hidden>  Tue, 27 Apr 2021 23:55:31 -0700