Your message dated Thu, 12 Jun 2025 08:34:03 +0000
with message-id <[email protected]>
and subject line Bug#1107617: fixed in libtpms 0.9.2-3.2
has caused the Debian Bug report #1107617,
regarding libtpms: CVE-2025-49133: Fix potential out-of-bound access & abort 
due to HMAC signing issue
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1107617: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107617
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libtpms
Version: 0.9.2-3.1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for libtpms.

CVE-2025-49133[0]:
| Fix potential out-of-bound access & abort due to HMAC signing issue


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-49133
    https://www.cve.org/CVERecord?id=CVE-2025-49133
[1] https://github.com/stefanberger/libtpms/commit/9f9baccdba9cd3fc32f1355613abd094b21f7ba0

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libtpms
Source-Version: 0.9.2-3.2
Done: Bastian Germann <[email protected]>

We believe that the bug you reported is fixed in the latest version of
libtpms, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastian Germann <[email protected]> (supplier of updated libtpms package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 12 Jun 2025 08:15:52 +0200
Source: libtpms
Architecture: source
Version: 0.9.2-3.2
Distribution: unstable
Urgency: medium
Maintainer: Seunghun Han <[email protected]>
Changed-By: Bastian Germann <[email protected]>
Closes: 1107617
Changes:
 libtpms (0.9.2-3.2) unstable; urgency=medium
 .
   * Non-maintainer upload
   * Fix potential out-of-bound access (Closes: #1107617, CVE-2025-49133)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



--- End Message ---
