-
libtasn1-3 (2.10-1ubuntu1.6) precise-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: buffer overflow via specially crafted assignments file
- debian/patches/CVE-2017-6891.patch: add checks in lib/parser_aux.c.
- CVE-2017-6891
-- <email address hidden> (Leonidas S. Barbosa) Tue, 11 Jul 2017 11:23:44 -0300
-
libtasn1-3 (2.10-1ubuntu1.5) precise-security; urgency=medium
* SECURITY UPDATE: infinite loop via malformed DER cert
- debian/patches/CVE-2016-4008-1.patch: catch invalid input cases early
in lib/decoding.c.
- debian/patches/CVE-2016-4008-2.patch: properly account bytes read in
lib/decoding.c.
- CVE-2016-4008
-- Marc Deslauriers <email address hidden> Tue, 26 Apr 2016 14:20:41 -0400
-
libtasn1-3 (2.10-1ubuntu1.4) precise-security; urgency=medium
* SECURITY UPDATE: denial of service and possible code execution via
overflow in _asn1_extract_der_octet.
- debian/patches/CVE-2015-3622.patch: properly handle length in
lib/decoding.c.
- CVE-2015-3622
-- Marc Deslauriers <email address hidden> Fri, 01 May 2015 09:46:08 -0400
-
libtasn1-3 (2.10-1ubuntu1.3) precise-security; urgency=medium
* SECURITY UPDATE: denial of service and possible code execution via
overflow in _asn1_ltostr
- debian/patches/CVE-2015-2806.patch: introduce LTOSTR_MAX_SIZE and use
in lib/coding.c, lib/decoding.c, lib/element.c, lib/parser_aux.c,
lib/parser_aux.h.
- CVE-2015-2806
-- Marc Deslauriers <email address hidden> Thu, 02 Apr 2015 11:22:00 -0400
-
libtasn1-3 (2.10-1ubuntu1.2) precise-security; urgency=medium
* SECURITY UPDATE: denial of service and possible code execution via
invalid ASN.1 data
- debian/patches/CVE-2014-3467-3468.patch: properly calculate lengths
in lib/decoding.c.
- CVE-2014-3467
- CVE-2014-3468
* SECURITY UPDATE: denial of service via NULL value
- debian/patches/CVE-2014-3469.patch: check for NULLs in lib/element.c.
- CVE-2014-3469
-- Marc Deslauriers <email address hidden> Fri, 18 Jul 2014 13:36:06 -0400
-
libtasn1-3 (2.10-1ubuntu1.1) precise-security; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via
certain large length values.
- debian/patches/CVE-2012-1569.diff: return an error when the decoded
length value plus @len would exceed @der_len in lib/decoding.c.
- CVE-2012-1569
-- Marc Deslauriers <email address hidden> Tue, 24 Apr 2012 14:01:18 -0400
-
libtasn1-3 (2.10-1ubuntu1) precise; urgency=low
* debian/rules: Disable compression of NEWS file for now to unbreak
upgrades. Debugging the underlying gzip bug is quite hard and will take
more time than a few hours. (LP: #889303)
-- Martin Pitt <email address hidden> Mon, 14 Nov 2011 08:59:19 +0100
-
libtasn1-3 (2.10-1build1) precise; urgency=low
* No-change rebuild to (hopefully) fix unreproducible broken NEWS.gz on
amd64. (LP: #889303)
-- Martin Pitt <email address hidden> Mon, 14 Nov 2011 08:41:08 +0100
-
libtasn1-3 (2.10-1) unstable; urgency=low
[Simon Josefsson]
* Fix Debian BTS URL in --with-packager-bug-reports option.
[Andreas Metzler]
* New upstream Version. (Includes workaround for #639818)
* Point watchfile to ftp.gnu.org instead of ftp.gnutls.org.
* [debian/control] Drop priority and section from libtasn1-3 binary package
stanza.
* Update debian/copyright.
-- Ubuntu Archive Auto-Sync <email address hidden> Fri, 11 Nov 2011 09:26:41 +0000
-
libtasn1-3 (2.9-4) unstable; urgency=low
* Merge from Ubuntu (build for multiarch):
+ configure with --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH), update
*.install accordingly.
+ Bump cdbs Build-Depends to 0.4.93 (required for expanding
$(DEB_HOST_MULTIARCH)).
+ Bump debhelper b-d to 8.1.3 (for ${misc:Pre-Depends}).
+ runtime library is Multi-Arch: same and has Pre-Depends:
${misc:Pre-Depends}, -bin (helper binaries)
is Multi-Arch: foreign. -dev is unchanged.
* Diverge from the Ubuntu patch by not setting Multi-Arch: same on
-dbg package. It contains debugging symbols for both library and helper
binaries (e.g. /usr/lib/debug/usr/bin/asn1Decoding) and is therefore not
co-installable with itself.
-- Steve Langasek <email address hidden> Mon, 20 Jun 2011 22:26:11 +0000