Upstream release notes:

* Noteworthy changes in release 4.4 (released 2015-03-29) [stable]
- Corrected a two-byte stack overflow in asn1_der_decoding. Reported by Hanno Böck.

https://lists.gnu.org/archive/html/help-libtasn1/2015-03/msg00002.html

Commit is here:
http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=4d4f992826a4962790ecd0cce6fbba4a415ce149

Please bump.
Already in tree :)
Can we stabilize?
(In reply to Hanno Boeck from comment #2)
> Can we stabilize?

yes, changes since last are trivial.
Archs, please stabilize. Target keywords: alpha amd64 arm arm64 hppa ia64 m68k ppc ppc64 s390 sh sparc x86
amd64 stable
x86 stable
Stable for HPPA.
arm stable
alpha stable
ia64 stable
ppc64 stable
ppc stable
CVE-2015-2806 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2806): Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.
sparc stable
stabilization moved to bug 548252 for newer version
This issue was resolved and addressed in GLSA 201509-04 at https://security.gentoo.org/glsa/201509-04 by GLSA coordinator Kristian Fiskerstrand (K_F).