On Wed, 26 May 2021 22:05:35 +0200 Salvatore Bonaccorso <car...@debian.org>
wrote:
CVE-2021-3565[0]:
| during tpm2_import command invocation a fixed AES wrapping key is
| used
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-3565
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3565
[1] https://github.com/tpm2-software/tpm2-tools/issues/2738
[2]
https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515
Please adjust the affected versions in the BTS as needed.
The buster version 3.1.3-2 does not contain the tpm2_import tool, so the CVE is not applicable to
buster. Please correct that in the security tracker.
