libtpms (0.9.3-0ubuntu2) lunar; urgency=medium
* SECURITY UPDATE: out-of-bounds read/write
- debian/patches/CVE-2023-1017_1018.patch: add a buffer size check and
properly reduce bufferSize variable by the number of bytes that make
up the cipherSize in CryptParameterDecryption() in
src/tpm2/CryptUtil.c
- CVE-2023-1017
- CVE-2023-1018
* SECURITY UPDATE: out-of-bounds read
- debian/patches/tpm2-Check-size-of-TPM2B_NAME.patch: add a buffer
size check in TPM2_PolicyAuthorize() in src/tpm2/EACommands.c.
- No CVE number
-- Rodrigo Figueiredo Zaiden <email address hidden> Wed, 01 Mar 2023 18:23:14 -0300
