Debian Patches

Status for libtpms/0.9.2-3.2

Patch Description Author Forwarded Bugs Origin Last update
no_local_check.patch Do not run check-local due to bug in ppc64 gcc on Jammy

ppc64 gcc has a bug causing issues in check-local.
Therefore, do not run check-local while ppc64 gcc is broken
on Ubuntu Jammy.
no
0003-set-man-page-date-to-last-changelog.patch Set the date of man pages to the last changelog entry. not-needed
0004-fix-ftbfs-bug.patch Fix FTBFS caused by the incomplete condition. not-needed
do_not_inline_makeiv.patch Do not inline MakeIV due to ppc64 compiler issue

The ppc64 gcc compiler has an issue with MakeIv.
no
tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch tpm2: Check size of buffer before accessing it (CVE-2023-1017 & -1018)

Check that there are sufficient bytes in the buffer before reading the
cipherSize from it. Also, reduce the bufferSize variable by the number
of bytes that make up the cipherSize to avoid reading and writing bytes
beyond the buffer in subsequent steps that do in-place decryption.

This fixes CVE-2023-1017 & CVE-2023-1018.
Stefan Berger <stefanb@linux.ibm.com> no debian https://github.com/stefanberger/libtpms/commit/324dbb4c27ae789c73b69dbf4611242267919dd4 2023-02-20
CVE-2025-49133.patch tpm2: Fix potential out-of-bound access & abort due to HMAC signing issue
Fix an HMAC signing issue that may cause an out-of-bounds access in a
TPM2B that in turn was running into an assert() in libtpms causing an
abort. The signing issue was due to an inconsistent pairing of the signKey
and signScheme parameters, where the signKey is an ALG_KEYEDHASH key and
inScheme is an ECC or RSA scheme.

This fixes CVE-2025-49133.
Stefan Berger <stefanb@linux.ibm.com> no upstream, 9f9baccdba9cd3fc32f1355613abd094b21f7ba0 2024-07-09
