CVE-2017-16837 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-16837): Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers.
@Maintainer please refer to URL for the patch that fixes this issue. A new release should be available in ~2 months, so it's your call whether to apply the patch or to wait until the new release. Thank you.
@security: I added a snapshot ebuild with the patch, and dropped the old versions. The package has never been stable so keywords are already what they need to be. Fixed version: sys-boot/tboot-1.9.6_p20171118
(In reply to Jason Zaman from comment #2)
> @security: I added a snapshot ebuild with the patch, and dropped the old
> versions. The package has never been stable so keywords are already what
> they need to be.
>
> Fixed version: sys-boot/tboot-1.9.6_p20171118

Thank you.

Closing since everything is fixed.