Change logs for libtpms source package in Lunar
-
libtpms (0.9.3-0ubuntu2) lunar; urgency=medium * SECURITY UPDATE: out-of-bounds read/write - debian/patches/CVE-2023-1017_1018.patch: add a buffer size check and properly reduce bufferSize variable by the number of bytes that make up the cipherSize in CryptParameterDecryption() in src/tpm2/CryptUtil.c - CVE-2023-1017 - CVE-2023-1018 * SECURITY UPDATE: out-of-bounds read - debian/patches/tpm2-Check-size-of-TPM2B_NAME.patch: add a buffer size check in TPM2_PolicyAuthorize() in src/tpm2/EACommands.c. - No CVE number -- Rodrigo Figueiredo Zaiden <email address hidden> Wed, 01 Mar 2023 18:23:14 -0300
-
libtpms (0.9.3-0ubuntu1) jammy; urgency=medium * merge 0.9.3 from upstram to stabilize libtpms in jammy; related to but not fixing (LP: 1948748) - d/p/lp-1948748-tpm2-Address-Coverity-Issue-by-casting-1-before-shif.patch: avoid bad shift - drop d/p/fix-openssl3-compat.patch: part of 0.9.3 - drop d/p/uninitialized-variable.patch: no more needed - ppc64 fixes from upstream as identified and added to debian 0.9.2-3 + d/p/do_not_inline_makeiv.patch + d/p/no_local_check.patch - d/p/lp-1948748-tpm2-Check-return-code-of-BN_div.patch: fix coverity finding -- Christian Ehrhardt <email address hidden> Wed, 30 Mar 2022 09:04:10 +0200