Bug 866237 (CVE-2021-46848)

Comment 1 Larry the Git Cow 2022-08-24 00:21:33 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8f20142212ed5c0af56b490f707e5fdff8138481

commit 8f20142212ed5c0af56b490f707e5fdff8138481
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-08-24 00:18:10 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-08-24 00:20:39 +0000

    dev-libs/libtasn1: add 4.19.0
    
    Licensing was also clarified upstream: https://gitlab.com/gnutls/libtasn1/-/issues/38.
    
    Bug: https://gitlab.com/gnutls/libtasn1/-/issues/38
    Bug: https://bugs.gentoo.org/866237
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/libtasn1/Manifest               |  2 ++
 dev-libs/libtasn1/libtasn1-4.19.0.ebuild | 55 ++++++++++++++++++++++++++++++++
 2 files changed, 57 insertions(+)

Comment 2 Larry the Git Cow 2022-09-23 02:09:23 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8c4bd08fb54e718a400e503a515dbede0fd3d4d8

commit 8c4bd08fb54e718a400e503a515dbede0fd3d4d8
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-09-23 02:00:24 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-09-23 02:08:52 +0000

    dev-libs/libtasn1: drop 4.18.0
    
    Bug: https://bugs.gentoo.org/866237
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/libtasn1/Manifest               |  1 -
 dev-libs/libtasn1/libtasn1-4.18.0.ebuild | 53 --------------------------------
 2 files changed, 54 deletions(-)

Comment 3 John Helmert III 2022-10-22 02:13:57 UTC

OOB read in a library, very unlikely to be exploitable, no GLSA. All done!

Also, CVE requested.

The Alias CVE appears to be wrong. Correct would be CVE-2021-46848.