[Bug 1455822] Re: Sync libtasn1-6 4.5-2 (main) from Debian unstable (main)
Daniel Holbach
daniel.holbach at ubuntu.com
Sun May 17 06:19:04 UTC 2015
This bug was fixed in the package libtasn1-6 - 4.5-2
Sponsored for Artur Rona (ari-tczew)
---------------
libtasn1-6 (4.5-2) unstable; urgency=medium
* Upload to unstable.
-- Andreas Metzler <ametzler at debian.org> Sat, 02 May 2015 14:27:06 +0200
libtasn1-6 (4.5-1) experimental; urgency=medium
* New upstream version.
+ Drop 20_asn1_extract_der_octet-prevent-past-of-boundary-acc.patch.
-- Andreas Metzler <ametzler at debian.org> Thu, 30 Apr 2015 19:06:44 +0200
libtasn1-6 (4.4-3) unstable; urgency=medium
* Upload to unstable.
* Pull 20_asn1_extract_der_octet-prevent-past-of-boundary-acc.patch from
upstream GIT to correct an invalid memory access in octet string
decoding.
-- Andreas Metzler <ametzler at debian.org> Mon, 27 Apr 2015 07:19:34 +0200
libtasn1-6 (4.4-2) experimental; urgency=medium
* Really bump shlibs. Closes: #782286
-- Andreas Metzler <ametzler at debian.org> Fri, 10 Apr 2015 19:08:24 +0200
libtasn1-6 (4.4-1) experimental; urgency=medium
* New upstream version.
-- Andreas Metzler <ametzler at debian.org> Sun, 29 Mar 2015 13:12:15 +0200
libtasn1-6 (4.3-1) experimental; urgency=medium
* Mark libtasn1-6-dev Multi-Arch: same.
* New upstream version.
+ Bump shlibs, asn1_decode_simple_ber() added.
-- Andreas Metzler <ametzler at debian.org> Tue, 10 Mar 2015 19:09:15 +0100
libtasn1-6 (4.2-3) unstable; urgency=medium
* Pull 20_CVE-2015-2806.diff from upstream 4.4 release to correct a
two-byte stack overflow in asn1_der_decoding. CVE-2015-2806.
-- Andreas Metzler <ametzler at debian.org> Sat, 04 Apr 2015 08:04:32 +0200
** Changed in: libtasn1-6 (Ubuntu)
Status: New => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-2806
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1455822
Title:
Sync libtasn1-6 4.5-2 (main) from Debian unstable (main)
Status in libtasn1-6 package in Ubuntu:
Fix Released
Bug description:
Please sync libtasn1-6 4.5-2 (main) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped:
* SECURITY UPDATE: denial of service and possible code execution via
overflow in _asn1_extract_der_octet.
- debian/patches/CVE-2015-3622.patch: properly handle length in
lib/decoding.c.
- CVE-2015-3622
* SECURITY UPDATE: denial of service and possible code execution via
overflow in _asn1_ltostr.
- debian/patches/CVE-2015-2806.patch: increase size of LTOSTR_MAX_SIZE
to account for sign and null byte in lib/parser_aux.{c,h}.
- CVE-2015-2806
* SECURITY UPDATE: denial of service and possible code execution via
overflow in _asn1_ltostr.
- debian/patches/CVE-2015-2806.patch: increase size of LTOSTR_MAX_SIZE
to account for sign and null byte in lib/parser_aux.{c,h}.
- CVE-2015-2806
Both patches have been fixed upstream.
Changelog entries since current wily version 4.2-2ubuntu2:
libtasn1-6 (4.5-2) unstable; urgency=medium
* Upload to unstable.
-- Andreas Metzler <ametzler at debian.org> Sat, 02 May 2015 14:27:06 +0200
libtasn1-6 (4.5-1) experimental; urgency=medium
* New upstream version.
+ Drop 20_asn1_extract_der_octet-prevent-past-of-boundary-acc.patch.
-- Andreas Metzler <ametzler at debian.org> Thu, 30 Apr 2015 19:06:44 +0200
libtasn1-6 (4.4-3) unstable; urgency=medium
* Upload to unstable.
* Pull 20_asn1_extract_der_octet-prevent-past-of-boundary-acc.patch from
upstream GIT to correct an invalid memory access in octet string
decoding.
-- Andreas Metzler <ametzler at debian.org> Mon, 27 Apr 2015 07:19:34 +0200
libtasn1-6 (4.4-2) experimental; urgency=medium
* Really bump shlibs. Closes: #782286
-- Andreas Metzler <ametzler at debian.org> Fri, 10 Apr 2015 19:08:24 +0200
libtasn1-6 (4.4-1) experimental; urgency=medium
* New upstream version.
-- Andreas Metzler <ametzler at debian.org> Sun, 29 Mar 2015 13:12:15 +0200
libtasn1-6 (4.3-1) experimental; urgency=medium
* Mark libtasn1-6-dev Multi-Arch: same.
* New upstream version.
+ Bump shlibs, asn1_decode_simple_ber() added.
-- Andreas Metzler <ametzler at debian.org> Tue, 10 Mar 2015 19:09:15 +0100
libtasn1-6 (4.2-3) unstable; urgency=medium
* Pull 20_CVE-2015-2806.diff from upstream 4.4 release to correct a
two-byte stack overflow in asn1_der_decoding. CVE-2015-2806.
-- Andreas Metzler <ametzler at debian.org> Sat, 04 Apr 2015 08:04:32 +0200