Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 891519 (CVE-2023-22745) - <app-crypt/tpm2-tss-3.2.2: Buffer Overflow in TSS2_RC_Decode
Summary: <app-crypt/tpm2-tss-3.2.2: Buffer Overflow in TSS2_RC_Decode
Status: IN_PROGRESS
Alias: CVE-2023-22745
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B4 [glsa?]
Keywords: PullRequest
: 891793 (view as bug list)
Depends on: 894662
Blocks:
  Show dependency tree
 
Reported: 2023-01-20 23:24 UTC by Christopher Byrne
Modified: 2023-06-25 22:31 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Christopher Byrne 2023-01-20 23:24:25 UTC
See https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-4j3v-fh23-vx67

Will be fixed in 3.2.2 / 4.0.1 (not created yet).
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-23 03:52:02 UTC
*** Bug 891793 has been marked as a duplicate of this bug. ***
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-23 03:53:40 UTC
Thanks! Just a note - we don't put version in summary until a fixed version is in tree.
Comment 3 Larry the Git Cow gentoo-dev 2023-02-01 07:56:59 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e7e6f8fcfaf24a904171160d9be9f3426c630c25

commit e7e6f8fcfaf24a904171160d9be9f3426c630c25
Author:     Christopher Byrne <salah.coronya@gmail.com>
AuthorDate: 2023-01-31 16:12:00 +0000
Commit:     Viorel Munteanu <ceamac@gentoo.org>
CommitDate: 2023-02-01 07:40:48 +0000

    app-crypt/tpm2-tss: add 4.0.1
    
    Bug: https://bugs.gentoo.org/891519
    Signed-off-by: Christopher Byrne <salah.coronya@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/29358
    Signed-off-by: Viorel Munteanu <ceamac@gentoo.org>

 app-crypt/tpm2-tss/Manifest              |  1 +
 app-crypt/tpm2-tss/tpm2-tss-4.0.1.ebuild | 93 ++++++++++++++++++++++++++++++++
 2 files changed, 94 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b2c7c69e86142a68f371333a500207d1fd48c799

commit b2c7c69e86142a68f371333a500207d1fd48c799
Author:     Christopher Byrne <salah.coronya@gmail.com>
AuthorDate: 2023-01-31 16:08:19 +0000
Commit:     Viorel Munteanu <ceamac@gentoo.org>
CommitDate: 2023-02-01 07:40:48 +0000

    app-crypt/tpm2-tss: add 3.2.2
    
    Bug: https://bugs.gentoo.org/891519
    Signed-off-by: Christopher Byrne <salah.coronya@gmail.com>
    Signed-off-by: Viorel Munteanu <ceamac@gentoo.org>

 app-crypt/tpm2-tss/Manifest              |  1 +
 app-crypt/tpm2-tss/tpm2-tss-3.2.2.ebuild | 90 ++++++++++++++++++++++++++++++++
 2 files changed, 91 insertions(+)
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-02-15 22:24:32 UTC
Please stable when ready (file stable bug & have it block this one).
Comment 5 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-02-20 20:43:32 UTC
Please cleanup
Comment 6 Larry the Git Cow gentoo-dev 2023-06-25 22:30:11 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0662bc0999c4b695e6f0f8f7869a0e3db4a550ab

commit 0662bc0999c4b695e6f0f8f7869a0e3db4a550ab
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2023-06-25 22:29:58 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2023-06-25 22:29:58 +0000

    app-crypt/tpm2-tss: drop 3.2.0-r4, 3.2.1, 3.2.2, 4.0.0
    
    Bug: https://bugs.gentoo.org/891519
    Signed-off-by: David Seifert <soap@gentoo.org>

 app-crypt/tpm2-tss/Manifest                        |   4 -
 ...2.0-Dont-run-systemd-sysusers-in-Makefile.patch |  57 --------
 .../tpm2-tss/files/tpm2-tss-3.2.0-slibtool.patch   |  49 -------
 ...st-fix-usage-of-FILE-in-unit-test-fapi-io.patch | 146 ---------------------
 ...2.1-Dont-run-systemd-sysusers-in-Makefile.patch |  61 ---------
 app-crypt/tpm2-tss/tpm2-tss-3.2.0-r4.ebuild        | 104 ---------------
 app-crypt/tpm2-tss/tpm2-tss-3.2.1.ebuild           |  90 -------------
 app-crypt/tpm2-tss/tpm2-tss-3.2.2.ebuild           |  90 -------------
 app-crypt/tpm2-tss/tpm2-tss-4.0.0.ebuild           |  93 -------------
 9 files changed, 694 deletions(-)