[ubuntu/xenial-security] p11-kit 0.23.2-5~ubuntu16.04.2 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Jan 5 16:18:10 UTC 2021
p11-kit (0.23.2-5~ubuntu16.04.2) xenial-security; urgency=medium
* SECURITY UPDATE: multiple integer overflows
- debian/patches/CVE-2020-29361-1.patch: check for arithmetic overflows
before allocating in p11-kit/iter.c, p11-kit/lists.c,
p11-kit/proxy.c, p11-kit/rpc-message.c, p11-kit/rpc-message.h,
p11-kit/rpc-server.c, trust/index.c.
- debian/patches/CVE-2020-29361-2.patch: add reallocarray and follow-up
to arithmetic overflow fix in common/compat.c, common/compat.h,
p11-kit/rpc-message.c.
- CVE-2020-29361
* SECURITY UPDATE: heap over-read in the RPC protocol
- debian/patches/CVE-2020-29362.patch: fix bounds check in
p11-kit/rpc-message.c.
- CVE-2020-29362
Date: 2021-01-04 19:43:12.706348+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/p11-kit/0.23.2-5~ubuntu16.04.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list