Summary: | <dev-libs/libtasn1-4.4: stack overflow in DER decoder (CVE-2015-2806) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | alonbl, crypto+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://lists.gnu.org/archive/html/help-libtasn1/2015-03/msg00002.html | ||
Whiteboard: | B2 [glsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 548252 | ||
Bug Blocks: |
Description
Hanno Böck
2015-03-29 12:07:22 UTC
Already in tree :)

Can we stabilize?

(In reply to Hanno Boeck from comment #2)
> Can we stabilize?

yes, changes since last are trivial.

Archs, please stabilize.
Target keywords: alpha amd64 arm arm64 hppa ia64 m68k ppc ppc64 s390 sh sparc x86

amd64 stable

x86 stable

Stable for HPPA.

arm stable

alpha stable

ia64 stable

ppc64 stable

ppc stable

CVE-2015-2806 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2806): Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.

sparc stable

stabilization moved to bug 548252 for newer version

This issue was resolved and addressed in GLSA 201509-04 at https://security.gentoo.org/glsa/201509-04 by GLSA coordinator Kristian Fiskerstrand (K_F).