Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 122307 - net-libs/gnutls, dev-libs/libtasn1 - possible DoS (GNUTLS-SA-2006-1) (CVE-2006-0645)
Summary: net-libs/gnutls, dev-libs/libtasn1 - possible DoS (GNUTLS-SA-2006-1) (CVE-200...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://lists.gnupg.org/pipermail/gnut...
Whiteboard: B3? [glsa] DerCorny
Keywords:
Depends on:
Blocks:
 
Reported: 2006-02-09 13:37 UTC by Carsten Lohrke (RETIRED)
Modified: 2019-12-19 00:39 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Stefan Cornelius (RETIRED) gentoo-dev 2006-02-09 13:50:55 UTC
crypto please provide fixed ebuilds, thank you
Comment 2 Marcelo Goes (RETIRED) gentoo-dev 2006-02-09 14:20:29 UTC
Done.

Please keyword =dev-libs/libtasn1-0.2.18 and =net-libs/gnutls-1.2.10.

Affected arches:
alpha, amd64, arm, hppa, ia64, mips, ppc, ppc64, ppc-macos, s390, sh, sparc, x86
Comment 3 René Nussbaumer (RETIRED) gentoo-dev 2006-02-10 01:34:08 UTC
Stable on hppa
Comment 4 Simon Stelling (RETIRED) gentoo-dev 2006-02-10 02:11:30 UTC
amd64 stable
Comment 5 Gustavo Zacarias (RETIRED) gentoo-dev 2006-02-10 07:51:23 UTC
sparc stable.
Comment 6 Joshua Jackson (RETIRED) gentoo-dev 2006-02-10 22:14:37 UTC
x86 done
Comment 7 Fabian Groffen gentoo-dev 2006-02-11 00:02:14 UTC
libtasn1-0.2.18 marked ppc-macos stable
gnutls-1.2.10 not marked stable as there are only unstable versions and all dependencies (e.g.: libgcrypt-1.2.2 opencdk-0.5.7) are not stable as well.
Comment 8 Markus Rothe (RETIRED) gentoo-dev 2006-02-11 00:13:07 UTC
stable on ppc64
Comment 9 Thierry Carrez (RETIRED) gentoo-dev 2006-02-11 14:05:19 UTC
libtasn-0.2.18 still misses alpha and ppc.
gnutls-1.2.10 still misses ppc.
Comment 10 Tobias Scherbaum (RETIRED) gentoo-dev 2006-02-12 03:48:24 UTC
ppc stable
Comment 11 Bryan Østergaard (RETIRED) gentoo-dev 2006-02-12 15:32:45 UTC
Stable on alpha.
Comment 12 Stefan Cornelius (RETIRED) gentoo-dev 2006-02-12 17:53:10 UTC
ready for glsa vote, tend to yes here.
Comment 13 Thierry Carrez (RETIRED) gentoo-dev 2006-02-13 10:44:40 UTC
Yes too, please GLSA.
CVE-2006-0645
It might be possible (but not easy) to exploit this to execute arbitrary code.
Comment 14 Thierry Carrez (RETIRED) gentoo-dev 2006-02-16 12:48:49 UTC
GLSA 200602-08
arm mips s390 should mark stable to benefit from GLSA
Comment 15 Daniel Black (RETIRED) gentoo-dev 2006-06-01 05:56:15 UTC
libtasn1-0.2.18 ~mips
gnutls-1.2.10 ~mips

mips peoples - please purge older version once you keyword stable.
(arm,s390 and sh are stable).