Your message dated Fri, 04 Feb 2022 06:48:51 +0000
with message-id <[email protected]>
and subject line Bug#990522: fixed in libtpms 0.9.1-1
has caused the Debian Bug report #990522,
regarding libtpms: CVE-2021-3623
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
990522: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990522
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libtpms
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,
The following vulnerability was published for libtpms.
CVE-2021-3623[0]:
out-of-bounds access when trying to resume the state of the vTPM
https://github.com/stefanberger/libtpms/pull/223
https://github.com/stefanberger/libtpms/commit/2f30d620d3c053f20d38b54bf76ac0907821d263
https://github.com/stefanberger/libtpms/commit/7981d9ad90a5043a05004e4ca7b46beab8ca7809
https://github.com/stefanberger/libtpms/commit/2e6173c273ca14adb11386db4e47622552b1c00e
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-3623
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3623
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: libtpms
Source-Version: 0.9.1-1
Done: Seunghun Han <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libtpms, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Seunghun Han <[email protected]> (supplier of updated libtpms package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 04 Feb 2022 15:03:03 +0900
Source: libtpms
Binary: libtpms-dev libtpms0 libtpms0-dbgsym
Architecture: source amd64
Version: 0.9.1-1
Distribution: unstable
Urgency: medium
Maintainer: Seunghun Han <[email protected]>
Changed-By: Seunghun Han <[email protected]>
Description:
libtpms-dev - libtpms header files and man pages
libtpms0 - TPM emulation library
Closes: 990522
Changes:
libtpms (0.9.1-1) unstable; urgency=medium
.
* New upstream version 0.9.1
* Fix a security issue, CVE-2021-3623 (Closes: #990522)
* debian/patches: Remove some useless patches because of new upstream
version
* debian/control: Change Standards-Version to 4.6.0
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---