Overview

Request 1059943 accepted

- add 0001-tss2_rc-ensure-layer-number-is-in-bounds.patch: fixes
CVE-2023-22745 (bsc#1207325): Buffer Overlow in TSS2_RC_Decode. Overly large
RC values passed to the TSS2 function could lead to memory overread or
memory overread.
This patch is not yet part of any upstream git tag.

Fabian Vogt's avatar
Fabian Vogt (favogt) -

SOs must not obsolete other versions of themselves, that breaks co-installability and is a clear violation of SLPP. FWICT %{_tmpfilesdir}/tpm2-tss-fapi.conf needs to be moved to a separate package.

Alberto Planas Dominguez's avatar
Alberto Planas Dominguez (aplanas) -
source maintainer

Yes, thank you. SR#936543 expect to address the issues.

Request History
Matthias Gerstner's avatar

mgerstner created request

- add 0001-tss2_rc-ensure-layer-number-is-in-bounds.patch: fixes
CVE-2023-22745 (bsc#1207325): Buffer Overlow in TSS2_RC_Decode. Overly large
RC values passed to the TSS2 function could lead to memory overread or
memory overread.
This patch is not yet part of any upstream git tag.

Factory Auto's avatar

factory-auto added opensuse-review-team as a reviewer

Please review sources

Factory Auto's avatar

factory-auto accepted review

Check script succeeded

Saul Goodman's avatar

licensedigger accepted review

ok

Dominique Leuenberger's avatar

dimstar_suse set openSUSE:Factory:Staging:G as a staging project

Being evaluated by staging project "openSUSE:Factory:Staging:G"

Dominique Leuenberger's avatar

dimstar_suse accepted review

Picked "openSUSE:Factory:Staging:G"

Dominique Leuenberger's avatar

dimstar accepted review

Dominique Leuenberger's avatar

dimstar_suse approved review

Staging Project openSUSE:Factory:Staging:G got accepted.

Dominique Leuenberger's avatar

dimstar_suse accepted review

Staging Project openSUSE:Factory:Staging:G got accepted.

Dominique Leuenberger's avatar

dimstar_suse accepted request

Staging Project openSUSE:Factory:Staging:G got accepted.

openSUSE Build Service is sponsored by
Places