Sync libtasn1-6 4.5-2 (main) from Debian unstable (main)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libtasn1-6 (Ubuntu) |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
Please sync libtasn1-6 4.5-2 (main) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped:
* SECURITY UPDATE: denial of service and possible code execution via
overflow in _asn1_extract_
- debian/
lib/
- CVE-2015-3622
* SECURITY UPDATE: denial of service and possible code execution via
overflow in _asn1_ltostr.
- debian/
to account for sign and null byte in lib/parser_
- CVE-2015-2806
* SECURITY UPDATE: denial of service and possible code execution via
overflow in _asn1_ltostr.
- debian/
to account for sign and null byte in lib/parser_
- CVE-2015-2806
Both patches have been fixed upstream.
Changelog entries since current wily version 4.2-2ubuntu2:
libtasn1-6 (4.5-2) unstable; urgency=medium
* Upload to unstable.
-- Andreas Metzler <email address hidden> Sat, 02 May 2015 14:27:06 +0200
libtasn1-6 (4.5-1) experimental; urgency=medium
* New upstream version.
+ Drop 20_asn1_
-- Andreas Metzler <email address hidden> Thu, 30 Apr 2015 19:06:44 +0200
libtasn1-6 (4.4-3) unstable; urgency=medium
* Upload to unstable.
* Pull 20_asn1_
upstream GIT to correct an invalid memory access in octet string
decoding.
-- Andreas Metzler <email address hidden> Mon, 27 Apr 2015 07:19:34 +0200
libtasn1-6 (4.4-2) experimental; urgency=medium
* Really bump shlibs. Closes: #782286
-- Andreas Metzler <email address hidden> Fri, 10 Apr 2015 19:08:24 +0200
libtasn1-6 (4.4-1) experimental; urgency=medium
* New upstream version.
-- Andreas Metzler <email address hidden> Sun, 29 Mar 2015 13:12:15 +0200
libtasn1-6 (4.3-1) experimental; urgency=medium
* Mark libtasn1-6-dev Multi-Arch: same.
* New upstream version.
+ Bump shlibs, asn1_decode_
-- Andreas Metzler <email address hidden> Tue, 10 Mar 2015 19:09:15 +0100
libtasn1-6 (4.2-3) unstable; urgency=medium
* Pull 20_CVE-
two-byte stack overflow in asn1_der_decoding. CVE-2015-2806.
-- Andreas Metzler <email address hidden> Sat, 04 Apr 2015 08:04:32 +0200
CVE References
Changed in libtasn1-6 (Ubuntu): | |
importance: | Undecided → Wishlist |
This bug was fixed in the package libtasn1-6 - 4.5-2
Sponsored for Artur Rona (ari-tczew)
---------------
libtasn1-6 (4.5-2) unstable; urgency=medium
* Upload to unstable.
-- Andreas Metzler <email address hidden> Sat, 02 May 2015 14:27:06 +0200
libtasn1-6 (4.5-1) experimental; urgency=medium
* New upstream version. extract_ der_octet- prevent- past-of- boundary- acc.patch.
+ Drop 20_asn1_
-- Andreas Metzler <email address hidden> Thu, 30 Apr 2015 19:06:44 +0200
libtasn1-6 (4.4-3) unstable; urgency=medium
* Upload to unstable. extract_ der_octet- prevent- past-of- boundary- acc.patch from
* Pull 20_asn1_
upstream GIT to correct an invalid memory access in octet string
decoding.
-- Andreas Metzler <email address hidden> Mon, 27 Apr 2015 07:19:34 +0200
libtasn1-6 (4.4-2) experimental; urgency=medium
* Really bump shlibs. Closes: #782286
-- Andreas Metzler <email address hidden> Fri, 10 Apr 2015 19:08:24 +0200
libtasn1-6 (4.4-1) experimental; urgency=medium
* New upstream version.
-- Andreas Metzler <email address hidden> Sun, 29 Mar 2015 13:12:15 +0200
libtasn1-6 (4.3-1) experimental; urgency=medium
* Mark libtasn1-6-dev Multi-Arch: same. simple_ ber() added.
* New upstream version.
+ Bump shlibs, asn1_decode_
-- Andreas Metzler <email address hidden> Tue, 10 Mar 2015 19:09:15 +0100
libtasn1-6 (4.2-3) unstable; urgency=medium
* Pull 20_CVE- 2015-2806. diff from upstream 4.4 release to correct a
two-byte stack overflow in asn1_der_decoding. CVE-2015-2806.
-- Andreas Metzler <email address hidden> Sat, 04 Apr 2015 08:04:32 +0200