Update information for CVE-2021-3746/libtpms

author: Salvatore Bonaccorso <carnil@debian.org> 2022-02-21 13:43:03 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2022-02-21 13:43:03 +0100
commit: c18c4a53c79d453a7c5571e0988ed190755f13fd (patch)
tree: cb1fbb5d5196b8eb0b0a21f3801f82683c197d16
parent: 68b3c9ed7ca9ad51c1479298514bf68dada935d7 (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 60c3be9aa2..2f3132a905 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -16667,10 +16667,13 @@ CVE-2021-40152
 CVE-2021-40151
 	RESERVED
 CVE-2021-3746 (A flaw was found in the libtpms code that may cause access beyond the  ...)
-	- libtpms <unfixed>
+	- libtpms 0.9.1-1
 	NOTE: https://github.com/stefanberger/libtpms/commit/1fb6cd9b8df05b5d6e381b31215193d6ada969df (v0.6.6)
 	NOTE: https://github.com/stefanberger/libtpms/commit/ea62fd9679f8c6fc5e79471b33cfbd8227bfed72 (v0.6.6)
-	TODO: check, might only affect the upstream stable-0.6 branch and not an issue in src:libtpms in any released version in Debian
+	NOTE: https://github.com/stefanberger/libtpms/commit/aaef222e8682cc2e0f9ea7124220c5fe44fab62b (v0.8.5)
+	NOTE: https://github.com/stefanberger/libtpms/commit/33a03986e0a09dde439985e0312d1c8fb3743aab (v0.8.5)
+	NOTE: https://github.com/stefanberger/libtpms/commit/034a5c02488cf7f0048e130177fc71c9e626e135 (v0.9.0)
+	NOTE: https://github.com/stefanberger/libtpms/commit/17255da54cf8354d02369f1323dc50cfb87e2bf4 (v0.9.0)
 CVE-2021-3745 (flatcore-cms is vulnerable to Unrestricted Upload of File with Dangero ...)
 	NOT-FOR-US: flatcore-cms
 CVE-2021-3744 [crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()]
author	Salvatore Bonaccorso <carnil@debian.org>	2022-02-21 13:43:03 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2022-02-21 13:43:03 +0100
commit	c18c4a53c79d453a7c5571e0988ed190755f13fd (patch)
tree	cb1fbb5d5196b8eb0b0a21f3801f82683c197d16
parent	68b3c9ed7ca9ad51c1479298514bf68dada935d7 (diff)