Ubuntu
libtasn1-6 package

Change logs for libtasn1-6 source package in Trusty

  1. Trusty (14.04)
  2. Change log 
  • libtasn1-6 (3.4-3ubuntu0.6) trusty-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference and DoS
    - debian/patches/CVE-2017-10790.patch: safer access to values
      read in /lib/parser_aux.c.
    - CVE-2017-10790

 -- <email address hidden> (Leonidas S. Barbosa)  Wed, 24 Jan 2018 16:37:09 -0300
  • libtasn1-6 (3.4-3ubuntu0.5) trusty-security; urgency=medium

  * SECURITY UPDATE: buffer overflow via specially crafted assignments file
    - debian/patches/CVE-2017-6891.patch: add checks to lib/parser_aux.c.
    - CVE-2017-6891

 -- Marc Deslauriers <email address hidden>  Thu, 01 Jun 2017 13:15:06 -0400
  • libtasn1-6 (3.4-3ubuntu0.4) trusty-security; urgency=medium

  * SECURITY UPDATE: infinite loop via malformed DER cert
    - debian/patches/CVE-2016-4008-1.patch: catch invalid input cases early
      in lib/decoding.c.
    - debian/patches/CVE-2016-4008-2.patch: properly account bytes read in
      lib/decoding.c.
    - CVE-2016-4008

 -- Marc Deslauriers <email address hidden>  Tue, 26 Apr 2016 14:11:17 -0400
  • libtasn1-6 (3.4-3ubuntu0.3) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    overflow in _asn1_extract_der_octet.
    - debian/patches/CVE-2015-3622.patch: properly handle length in
      lib/decoding.c.
    - CVE-2015-3622

 -- Marc Deslauriers <email address hidden>  Fri, 01 May 2015 09:45:29 -0400
  • libtasn1-6 (3.4-3ubuntu0.2) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    overflow in _asn1_ltostr
    - debian/patches/CVE-2015-2806.patch: introduce LTOSTR_MAX_SIZE and use
      in lib/coding.c, lib/decoding.c, lib/element.c, lib/parser_aux.c,
      lib/parser_aux.h.
    - CVE-2015-2806
 -- Marc Deslauriers <email address hidden>   Thu, 02 Apr 2015 11:12:05 -0400
  • libtasn1-6 (3.4-3ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    invalid ASN.1 data
    - debian/patches/CVE-2014-3467-3468.patch: properly calculate lengths
      in lib/decoding.c.
    - CVE-2014-3467
    - CVE-2014-3468
  * SECURITY UPDATE: denial of service via NULL value
    - debian/patches/CVE-2014-3469.patch: check for NULLs in lib/element.c.
    - CVE-2014-3469
 -- Marc Deslauriers <email address hidden>   Fri, 18 Jul 2014 11:49:24 -0400
  • libtasn1-6 (3.4-3) unstable; urgency=medium


  * Point vcs* to git.
  * Add debian/upstream-signing-key.pgp (listed in
    debian/source/include-binaries) and update watchfile to check
    upstream signature.
  * Add transitional packages for libtasn1-3-dev and -bin. (#730856)

 -- Andreas Metzler <email address hidden>  Sat, 01 Feb 2014 11:39:30 +0100
  • libtasn1-6 (3.4-2) unstable; urgency=low


  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Fri, 29 Nov 2013 18:46:13 +0100
  • libtasn1-6 (3.3-2) unstable; urgency=low


  * Use debhelper v9 mode. This allows us to mark libtasn1-6-dbg Multi-Arch:
    same.
  * Point Vcs-* to anonscm.debian.org.

 -- Andreas Metzler <email address hidden>  Sun, 23 Jun 2013 15:14:02 +0200