CVE-2024-29040

NameCVE-2024-29040
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1070140

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
tpm2-tss (PTS)buster2.1.0-4vulnerable
bullseye3.0.3-2vulnerable
bookworm3.2.1-3vulnerable
trixie4.0.1-7.2vulnerable
sid4.1.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
tpm2-tsssource(unstable)4.1.0-11070140

Notes

[bookworm] - tpm2-tss <no-dsa> (Minor issue)
[bullseye] - tpm2-tss <no-dsa> (Minor issue)
[buster] - tpm2-tss <postponed> (Minor issue; can be fixed in next update)
https://github.com/tpm2-software/tpm2-tss/commit/710cd0b6adf3a063f34a8e92da46df7a107d9a99 (4.1.0)

Search for package or bug name: Reporting problems