-
libtpms (0.9.3-0ubuntu1.22.04.1) jammy-security; urgency=medium
* SECURITY UPDATE: out-of-bounds read/write
- debian/patches/CVE-2023-1017_1018.patch: add a buffer size check and
properly reduce bufferSize variable by the number of bytes that make
up the cipherSize in CryptParameterDecryption() in
src/tpm2/CryptUtil.c
- CVE-2023-1017
- CVE-2023-1018
* SECURITY UPDATE: out-of-bounds read
- debian/patches/tpm2-Check-size-of-TPM2B_NAME.patch: add a buffer
size check in TPM2_PolicyAuthorize() in src/tpm2/EACommands.c.
- No CVE number
-- Rodrigo Figueiredo Zaiden <email address hidden> Wed, 01 Mar 2023 15:26:10 -0300
-
libtpms (0.9.3-0ubuntu1) jammy; urgency=medium
* merge 0.9.3 from upstram to stabilize libtpms in jammy; related to
but not fixing (LP: 1948748)
- d/p/lp-1948748-tpm2-Address-Coverity-Issue-by-casting-1-before-shif.patch:
avoid bad shift
- drop d/p/fix-openssl3-compat.patch: part of 0.9.3
- drop d/p/uninitialized-variable.patch: no more needed
- ppc64 fixes from upstream as identified and added to debian 0.9.2-3
+ d/p/do_not_inline_makeiv.patch
+ d/p/no_local_check.patch
- d/p/lp-1948748-tpm2-Check-return-code-of-BN_div.patch: fix
coverity finding
-- Christian Ehrhardt <email address hidden> Wed, 30 Mar 2022 09:04:10 +0200
-
libtpms (0.9.0-0ubuntu4) jammy; urgency=medium
* d/p/fix-openssl3-compat.patch: Cherry-picked from upstream (LP: #1962601)
-- Simon Chopin <email address hidden> Thu, 24 Mar 2022 19:11:59 +0100
-
libtpms (0.9.0-0ubuntu3) jammy; urgency=medium
* No-change rebuild against openssl3
-- Simon Chopin <email address hidden> Wed, 24 Nov 2021 13:54:17 +0000
-
libtpms (0.9.0-0ubuntu2) jammy; urgency=medium
* Add autopkgtest.
-- Steve Langasek <email address hidden> Fri, 05 Nov 2021 16:10:38 +0000
-
libtpms (0.9.0-0ubuntu1) jammy; urgency=medium
* New upstream release.
-- Steve Langasek <email address hidden> Thu, 04 Nov 2021 14:46:26 -0700
-
libtpms (0.8.2-1ubuntu1) impish; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/patches/uninitialized-variable.patch: fix issues of variables
that may be used before initialization.
libtpms (0.8.2-1) unstable; urgency=medium
* New upstream version 0.8.2
* Fix a security issue, CVE-2021-3446 (Closes: #986799)
* debian/patches: Remove some useless patches because of new upstream
version
* debian/copyright: Fix lintian issues
-- Steve Langasek <email address hidden> Tue, 27 Apr 2021 23:55:31 -0700