Gentoo Bug 122307 - net-libs/gnutls, dev-libs/libtasn1 - possible DoS (GNUTLS-SA-2006-1) (CVE-2006-0645)

First Last Prev Next No search results available Search page Enter new bug

Bug#:	122307
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Carsten Lohrke <carlo@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 122307 depends on:			Show dependency tree
Bug 122307 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2006-02-09 13:37 0000

http://www.gnu.org/software/gnutls/security.html
http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001058.html

------- Comment #1 From Stefan Cornelius (RETIRED) 2006-02-09 13:50:55 0000 -------

crypto please provide fixed ebuilds, thank you

------- Comment #2 From Marcelo Goes 2006-02-09 14:20:29 0000 -------

Done.

Please keyword =dev-libs/libtasn1-0.2.18 and =net-libs/gnutls-1.2.10.

Affected arches:
alpha, amd64, arm, hppa, ia64, mips, ppc, ppc64, ppc-macos, s390, sh, sparc,
x86

------- Comment #3 From René Nussbaumer 2006-02-10 01:34:08 0000 -------

Stable on hppa

------- Comment #4 From Simon Stelling (RETIRED) 2006-02-10 02:11:30 0000 -------

amd64 stable

------- Comment #5 From Gustavo Zacarias (RETIRED) 2006-02-10 07:51:23 0000 -------

sparc stable.

------- Comment #6 From Joshua Jackson 2006-02-10 22:14:37 0000 -------

x86 done

------- Comment #7 From Fabian Groffen 2006-02-11 00:02:14 0000 -------

libtasn1-0.2.18 marked ppc-macos stable
gnutls-1.2.10 not marked stable as there are only unstable versions and all
dependencies (e.g.: libgcrypt-1.2.2 opencdk-0.5.7) are not stable as well.

------- Comment #8 From Markus Rothe 2006-02-11 00:13:07 0000 -------

stable on ppc64

------- Comment #9 From Thierry Carrez (RETIRED) 2006-02-11 14:05:19 0000 -------

libtasn-0.2.18 still misses alpha and ppc.
gnutls-1.2.10 still misses ppc.

------- Comment #10 From Tobias Scherbaum 2006-02-12 03:48:24 0000 -------

ppc stable

------- Comment #11 From Bryan Østergaard (RETIRED) 2006-02-12 15:32:45 0000 -------

Stable on alpha.

------- Comment #12 From Stefan Cornelius (RETIRED) 2006-02-12 17:53:10 0000 -------

ready for glsa vote, tend to yes here.

------- Comment #13 From Thierry Carrez (RETIRED) 2006-02-13 10:44:40 0000 -------

Yes too, please GLSA.
CVE-2006-0645
It might be possible (but not easy) to exploit this to execute arbitrary code.

------- Comment #14 From Thierry Carrez (RETIRED) 2006-02-16 12:48:49 0000 -------

GLSA 200602-08
arm mips s390 should mark stable to benefit from GLSA

------- Comment #15 From Daniel Black 2006-06-01 05:56:15 0000 -------

libtasn1-0.2.18 ~mips
gnutls-1.2.10 ~mips

mips peoples - please purge older version once you keyword stable.
(arm,s390 and sh are stable).

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 122307

net-libs/gnutls, dev-libs/libtasn1 - possible DoS (GNUTLS-SA-2006-1) (CVE-2006-0645)

Last modified: 2006-06-01 05:56:15 0000