[Bug 1455822] [NEW] Sync libtasn1-6 4.5-2 (main) from Debian unstable (main)
Launchpad Bug Tracker
1455822 at bugs.launchpad.net
Sat May 16 22:24:42 UTC 2015
You have been subscribed to a public bug by Artur Rona (ari-tczew):
Please sync libtasn1-6 4.5-2 (main) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped:
* SECURITY UPDATE: denial of service and possible code execution via
overflow in _asn1_extract_der_octet.
- debian/patches/CVE-2015-3622.patch: properly handle length in
lib/decoding.c.
- CVE-2015-3622
* SECURITY UPDATE: denial of service and possible code execution via
overflow in _asn1_ltostr.
- debian/patches/CVE-2015-2806.patch: increase size of LTOSTR_MAX_SIZE
to account for sign and null byte in lib/parser_aux.{c,h}.
- CVE-2015-2806
Both patches have been fixed upstream.
Changelog entries since current wily version 4.2-2ubuntu2:
libtasn1-6 (4.5-2) unstable; urgency=medium
* Upload to unstable.
-- Andreas Metzler <ametzler at debian.org> Sat, 02 May 2015 14:27:06 +0200
libtasn1-6 (4.5-1) experimental; urgency=medium
* New upstream version.
+ Drop 20_asn1_extract_der_octet-prevent-past-of-boundary-acc.patch.
-- Andreas Metzler <ametzler at debian.org> Thu, 30 Apr 2015 19:06:44 +0200
libtasn1-6 (4.4-3) unstable; urgency=medium
* Upload to unstable.
* Pull 20_asn1_extract_der_octet-prevent-past-of-boundary-acc.patch from
upstream GIT to correct an invalid memory access in octet string
decoding.
-- Andreas Metzler <ametzler at debian.org> Mon, 27 Apr 2015 07:19:34 +0200
libtasn1-6 (4.4-2) experimental; urgency=medium
* Really bump shlibs. Closes: #782286
-- Andreas Metzler <ametzler at debian.org> Fri, 10 Apr 2015 19:08:24 +0200
libtasn1-6 (4.4-1) experimental; urgency=medium
* New upstream version.
-- Andreas Metzler <ametzler at debian.org> Sun, 29 Mar 2015 13:12:15 +0200
libtasn1-6 (4.3-1) experimental; urgency=medium
* Mark libtasn1-6-dev Multi-Arch: same.
* New upstream version.
+ Bump shlibs, asn1_decode_simple_ber() added.
-- Andreas Metzler <ametzler at debian.org> Tue, 10 Mar 2015 19:09:15 +0100
libtasn1-6 (4.2-3) unstable; urgency=medium
* Pull 20_CVE-2015-2806.diff from upstream 4.4 release to correct a
two-byte stack overflow in asn1_der_decoding. CVE-2015-2806.
-- Andreas Metzler <ametzler at debian.org> Sat, 04 Apr 2015 08:04:32 +0200
** Affects: libtasn1-6 (Ubuntu)
Importance: Wishlist
Status: New
--
Sync libtasn1-6 4.5-2 (main) from Debian unstable (main)
https://bugs.launchpad.net/bugs/1455822
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.