[ubuntu/groovy-updates] p11-kit 0.23.21-2ubuntu0.1 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Tue Jan 5 17:34:34 UTC 2021


p11-kit (0.23.21-2ubuntu0.1) groovy-security; urgency=medium

  * SECURITY UPDATE: multiple integer overflows
    - debian/patches/CVE-2020-29361-1.patch: check for arithmetic overflows
      before allocating in p11-kit/iter.c, p11-kit/lists.c,
      p11-kit/proxy.c, p11-kit/rpc-message.c, p11-kit/rpc-message.h,
      p11-kit/rpc-server.c, trust/index.c.
    - debian/patches/CVE-2020-29361-2.patch: follow-up to arithmetic
      overflow fix in common/compat.c, p11-kit/rpc-message.c.
    - CVE-2020-29361
  * SECURITY UPDATE: heap over-read in the RPC protocol
    - debian/patches/CVE-2020-29362.patch: fix bounds check in
      p11-kit/rpc-message.c.
    - CVE-2020-29362
  * SECURITY UPDATE: heap overflow in RPC protocol
    - debian/patches/CVE-2020-29363.patch: check attribute length against
      buffer size in p11-kit/rpc-message.c.
    - CVE-2020-29363

Date: 2021-01-04 19:35:09.201382+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/p11-kit/0.23.21-2ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Groovy-changes mailing list