• Bug#1107617: libtpms: CVE-2025-49133: Fix potential out-of-bound access

    From Bastian Germann@21:1/5 to All on Thu Jun 12 10:20:01 2025
    Control: tags -1 patch

    I am uploading an NMU to fix this.
    The debdiff is attached.

    diff -Nru libtpms-0.9.2/debian/changelog libtpms-0.9.2/debian/changelog
    --- libtpms-0.9.2/debian/changelog 2023-03-07 22:32:00.000000000 +0100
    +++ libtpms-0.9.2/debian/changelog 2025-06-12 08:15:52.000000000 +0200
    @@ -1,3 +1,10 @@
    +libtpms (0.9.2-3.2) unstable; urgency=medium
    +
    + * Non-maintainer upload
    + * Fix potential out-of-bound access (Closes: #1107617, CVE-2025-49133)
    +
    + -- Bastian Germann <[email protected]> Thu, 12 Jun 2025 08:15:52 +0200
    +
    libtpms (0.9.2-3.1) unstable; urgency=medium

    * Non-maintainer upload.
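
    Review bot: the new 0.9.2-3.2 changelog entry mentions only the out-of-bound access, while the Subject of the imported upstream commit also covers an "abort due to HMAC signing issue"; consider naming both effects and the added file debian/patches/CVE-2025-49133.patch so the entry matches what the upload changes. As a style point, "* Non-maintainer upload" lacks the trailing period used in the 0.9.2-3.1 entry below it, and since this is a CVE fix it is worth confirming that urgency=medium is the intended urgency.
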
    diff -Nru libtpms-0.9.2/debian/patches/CVE-2025-49133.patch libtpms-0.9.2/debian/patches/CVE-2025-49133.patch
    --- libtpms-0.9.2/debian/patches/CVE-2025-49133.patch 1970-01-01 01:00:00.000000000 +0100
    +++ libtpms-0.9.2/debian/patches/CVE-2025-49133.patch 2025-06-12 08:15:52.000000000 +0200
    @@ -0,0 +1,272 @@
    +Origin: upstream, 9f9baccdba9cd3fc32f1355613abd094b21f7ba0
    +From: Stefan Berger <[email protected]>
    +Date: Tue, 9 Jul 2024 16:45:42 -0400
    +Subject: tpm2: Fix potential out-of-bound access & abort due to HMAC signing issue
    +
    +Fix a
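
    Review bot: the DEP-3 header at the top of CVE-2025-49133.patch gives "Origin: upstream," followed by a bare commit hash and carries no Bug-Debian field, so a reader cannot follow the patch to either the upstream commit or the Debian bug. Suggest giving the full upstream commit URL in Origin and adding a line such as "Bug-Debian: https://bugs.debian.org/1107617", which matches the bug closed in the changelog entry.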