From ${URL} :

The following issues were fixed in libksba 1.3.3:

libksba: integer overflow in the DN decoder src/dn.c (append_quoted, append_atv)
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=243d12fdec66a4360fbb3e307a046b39b5b4ffc3

libksba: integer overflow in the BER decoder src/ber-decoder.c (ber_decoder_s)
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=aea7b6032865740478ca4b706850a5217f1c3887

libksba: denial of service due to stack overflow in src/ber-decoder.c (push_decoder_state, pop_decoder_state)
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=07116a314f4dcd4d96990bbd74db95a03a9f650a

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know whether it is ready for stabilization or not.
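The two bug classes named in the advisory above, an unchecked multi-byte length that can overflow the accumulator and unbounded recursion into nested constructed elements that can exhaust the stack, are easiest to see on a minimal BER TLV walker. The following is an added illustration written for this bug report, not libksba's code and not the upstream fix: the sample byte strings are constructed for the demo, the depth limit MAX_DEPTH is an assumed value, and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative example, not libksba code. Two defensive checks for the
 * bug classes listed in the advisory:
 *   1. a BER length with more octets than size_t can hold is rejected
 *      before any accumulation, so the length can never wrap, and the
 *      "does it fit" comparison is written as a subtraction so the check
 *      itself cannot overflow;
 *   2. recursion into constructed elements stops at MAX_DEPTH, so a
 *      deeply nested input cannot grow the call stack without bound. */

#define MAX_DEPTH 32   /* assumed limit for this demo; not a libksba value */

/* Decode one BER length field at buf[0..len). Returns the number of bytes
 * consumed, or 0 on malformed input (indefinite form is rejected here). */
static size_t ber_read_length(const unsigned char *buf, size_t len, size_t *out)
{
    if (len == 0) return 0;
    unsigned char b = buf[0];
    if (b < 0x80) { *out = b; return 1; }          /* short form */
    if (b == 0x80) return 0;                        /* indefinite: not handled */
    size_t nbytes = b & 0x7f;                       /* long form: nbytes follow */
    /* More length octets than size_t can hold cannot describe a real object
     * and would wrap the accumulator below: reject, do not truncate. */
    if (nbytes > sizeof(size_t) || nbytes + 1 > len) return 0;
    size_t v = 0;
    for (size_t i = 0; i < nbytes; i++)
        v = (v << 8) | buf[1 + i];                 /* safe: nbytes <= sizeof v */
    *out = v;
    return 1 + nbytes;
}

/* Walk every TLV in buf[0..len), descending into constructed elements.
 * Returns the number of elements seen, or -1 on malformed input or when
 * nesting exceeds MAX_DEPTH. */
static long ber_walk(const unsigned char *buf, size_t len, int depth)
{
    if (depth > MAX_DEPTH) return -1;               /* stack-exhaustion guard */
    long count = 0;
    size_t off = 0;
    while (off < len) {
        unsigned char tag = buf[off];
        if ((tag & 0x1f) == 0x1f) return -1;        /* high tag numbers: not handled */
        size_t hdr = 1, clen;
        size_t n = ber_read_length(buf + off + hdr, len - off - hdr, &clen);
        if (n == 0) return -1;
        hdr += n;
        /* Bounds check as a subtraction: "off + hdr + clen <= len" could wrap. */
        if (clen > len - off - hdr) return -1;
        count++;
        if (tag & 0x20) {                           /* constructed: recurse */
            long sub = ber_walk(buf + off + hdr, clen, depth + 1);
            if (sub < 0) return -1;
            count += sub;
        }
        off += hdr + clen;
    }
    return count;
}

/* Constructed sample inputs for the demo (not taken from any real bug report). */
static const unsigned char SAMPLE_OK[] =       /* SEQUENCE { INTEGER 5, INTEGER 7 } */
    {0x30, 0x06, 0x02, 0x01, 0x05, 0x02, 0x01, 0x07};
static const unsigned char SAMPLE_OVERLONG[] = /* claims 5 content bytes, has 1 */
    {0x02, 0x05, 0x01};
static const unsigned char SAMPLE_HUGE[] =     /* 4-byte length 0xffffffff */
    {0x04, 0x84, 0xff, 0xff, 0xff, 0xff, 0x00};
static const unsigned char SAMPLE_WRAP[] =     /* 9 length octets: would wrap size_t */
    {0x04, 0x89, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};

/* Build `depth` nested SEQUENCEs around a NULL and walk them. Depth is kept
 * small enough that every length fits the short form. */
static long walk_nested(int depth)
{
    unsigned char buf[256];
    if (depth < 0 || depth > 60) return -1;
    size_t total = 2 + 2 * (size_t)depth, pos = 0, content = total;
    for (int i = 0; i < depth; i++) {
        content -= 2;
        buf[pos++] = 0x30;                          /* SEQUENCE, constructed */
        buf[pos++] = (unsigned char)content;
    }
    buf[pos++] = 0x05; buf[pos++] = 0x00;           /* NULL */
    return ber_walk(buf, total, 0);
}

int main(void)
{
    printf("ok: %ld\n", ber_walk(SAMPLE_OK, sizeof SAMPLE_OK, 0));
    printf("overlong: %ld\n", ber_walk(SAMPLE_OVERLONG, sizeof SAMPLE_OVERLONG, 0));
    printf("huge: %ld\n", ber_walk(SAMPLE_HUGE, sizeof SAMPLE_HUGE, 0));
    printf("wrap: %ld\n", ber_walk(SAMPLE_WRAP, sizeof SAMPLE_WRAP, 0));
    printf("nested 32: %ld, nested 40: %ld\n", walk_nested(32), walk_nested(40));
    return 0;
}
```

The walker returns -1 rather than clamping or truncating on every suspicious length, which is the behaviour a certificate or CMS parser wants: an attacker-controlled length that does not fit the remaining input is a reason to abort, never a value to "repair". The depth limit is a policy choice; real X.509 and CMS structures nest far shallower than 32 levels, so the limit costs nothing on legitimate input.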
Added. These two issues were fixed within the code but with a bump of autotools and yacc, so it is best to give it a few days.
Arches, please stabilize: =dev-libs/libksba-1.3.3
Stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
ppc stable
Stable for PPC64.
Stable for HPPA.
amd64 stable
x86 stable
arm stable
ia64 stable
sparc stable
alpha stable. Maintainer(s), please clean up. Security, please add it to the existing request, or file a new one.
Done.
Arches and Maintainer(s), thank you for your work. New GLSA request filed. CVE request pending: http://seclists.org/oss-sec/2015/q2/120
This issue was resolved and addressed in GLSA 201604-04 at https://security.gentoo.org/glsa/201604-04 by GLSA coordinator Kristian Fiskerstrand (K_F).