Summary: | <dev-perl/Convert-ASN1-0.270.0-r1: Unsafe decoding can cause denial of service (CVE-2013-7488) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | kentnl, perl |
Priority: | Normal | Flags: | nattka:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/gbarr/perl-Convert-ASN1/issues/14 | ||
Whiteboard: | B4 [noglsa cve] | ||
Package list: |
=dev-perl/Convert-ASN1-0.270.0-r1 amd64 sparc x86
|
Runtime testing required: | --- |
Description
Sam James
2020-04-08 10:32:19 UTC
Possible patch: https://github.com/gbarr/perl-Convert-ASN1/pull/15 @maintainer(s), please review if suitable for inclusion and let us know. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9dc32f9b7cf12ea92bbdca93405b602d06925dd2 commit 9dc32f9b7cf12ea92bbdca93405b602d06925dd2 Author: Kent Fredric <kentnl@gentoo.org> AuthorDate: 2020-06-28 16:30:58 +0000 Commit: Kent Fredric <kentnl@gentoo.org> CommitDate: 2020-06-28 16:37:13 +0000 dev-perl/Convert-ASN1: -r bump for CVE-2013-7488 bug #716680 - EAPI7 - Remove empty/unused variable assignments - Add patch submitted to upstream repo to remedy CVE-2013-7488 Bug: https://bugs.gentoo.org/716680 Bug: https://github.com/gbarr/perl-Convert-ASN1/pull/15 Bug: https://github.com/gbarr/perl-Convert-ASN1/issues/14 Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1821879 Package-Manager: Portage-2.3.100, Repoman-2.3.22 Signed-off-by: Kent Fredric <kentnl@gentoo.org> .../Convert-ASN1/Convert-ASN1-0.270.0-r1.ebuild | 27 +++++++++++++ .../files/Convert-ASN1-0.270.0-CVE-2013-7488.patch | 45 ++++++++++++++++++++++ 2 files changed, 72 insertions(+) Thanks! Let us know when ready to stable. hppa stable ppc/ppc64 stable arm stable arm64 stable s390 stable sparc stable amd64, x86: ping amd64 stable x86 stable. Maintainer(s), please cleanup. Security, please vote. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=22e06ed632bf6b368fb0f47265666d4a80483ee3 commit 22e06ed632bf6b368fb0f47265666d4a80483ee3 Author: Kent Fredric <kentnl@gentoo.org> AuthorDate: 2020-07-17 08:25:07 +0000 Commit: Kent Fredric <kentnl@gentoo.org> CommitDate: 2020-07-17 08:25:07 +0000 dev-perl/Convert-ASN1: Cleanup old 0.270.0 re bug #716680 Bug: https://bugs.gentoo.org/716680 Package-Manager: Portage-2.3.100, Repoman-2.3.22 Signed-off-by: Kent Fredric <kentnl@gentoo.org> dev-perl/Convert-ASN1/Convert-ASN1-0.270.0.ebuild | 29 ----------------------- 1 file changed, 29 deletions(-) GLSA vote: no! Tree clean, thanks. Closing. |