Your message dated Wed, 27 Aug 2025 19:32:28 +0000
with message-id <[email protected]>
and subject line Bug#1107617: fixed in libtpms 0.9.2-3.1+deb12u1
has caused the Debian Bug report #1107617,
regarding libtpms: CVE-2025-49133: Fix potential out-of-bound access & abort
due to HMAC signing issue
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1107617: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107617
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libtpms
Version: 0.9.2-3.1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for libtpms.
CVE-2025-49133[0]:
| Fix potential out-of-bound access & abort due to HMAC signing issue
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-49133
https://www.cve.org/CVERecord?id=CVE-2025-49133
[1] https://github.com/stefanberger/libtpms/commit/9f9baccdba9cd3fc32f1355613abd094b21f7ba0
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libtpms
Source-Version: 0.9.2-3.1+deb12u1
Done: Moritz Mühlenhoff <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libtpms, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Moritz Mühlenhoff <[email protected]> (supplier of updated libtpms package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
Format: 1.8
Date: Mon, 25 Aug 2025 22:42:00 +0200
Source: libtpms
Architecture: source
Version: 0.9.2-3.1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Seunghun Han <[email protected]>
Changed-By: Moritz Mühlenhoff <[email protected]>
Closes: 1107617
Changes:
libtpms (0.9.2-3.1+deb12u1) bookworm; urgency=medium
.
* CVE-2025-49133 (Closes: #1107617)
--- End Message ---