Summary: | net-libs/gnutls, dev-libs/libtasn1 - possible DoS (GNUTLS-SA-2006-1) (CVE-2006-0645) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Carsten Lohrke (RETIRED) <carlo> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | crypto+disabled, wolf31o2 |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001058.html | ||
Whiteboard: | B3? [glsa] DerCorny | ||
Package list: | Runtime testing required: | --- |
Description
Carsten Lohrke (RETIRED)
2006-02-09 13:37:01 UTC
crypto please provide fixed ebuilds, thank you Done. Please keyword =dev-libs/libtasn1-0.2.18 and =net-libs/gnutls-1.2.10. Affected arches: alpha, amd64, arm, hppa, ia64, mips, ppc, ppc64, ppc-macos, s390, sh, sparc, x86 Stable on hppa amd64 stable sparc stable. x86 done libtasn1-0.2.18 marked ppc-macos stable gnutls-1.2.10 not marked stable as there are only unstable versions and all dependencies (e.g.: libgcrypt-1.2.2 opencdk-0.5.7) are not stable as well. stable on ppc64 libtasn-0.2.18 still misses alpha and ppc. gnutls-1.2.10 still misses ppc. ppc stable Stable on alpha. ready for glsa vote, tend to yes here. Yes too, please GLSA. CVE-2006-0645 It might be possible (but not easy) to exploit this to execute arbitrary code. GLSA 200602-08 arm mips s390 should mark stable to benefit from GLSA libtasn1-0.2.18 ~mips gnutls-1.2.10 ~mips mips peoples - please purge older version once you keyword stable. (arm,s390 and sh are stable). |