Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 546464 - <dev-libs/libksba-1.3.3: Multiple vulnerabilities
Summary: <dev-libs/libksba-1.3.3: Multiple vulnerabilities
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: B2 [glsa]
Depends on:
Reported: 2015-04-13 14:57 UTC by Agostino Sarubbo
Modified: 2016-04-26 21:23 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2015-04-13 14:57:12 UTC
From ${URL} :

Following issues were fixed in libksba 1.3.3:

libksba: integer overflow in the DN decoder src/dn.c (append_quoted, append_atv);a=commit;h=243d12fdec66a4360fbb3e307a046b39b5b4ffc3

libksba: integer overflow in the BER decoder src/ber-decoder.c (ber_decoder_s);a=commit;h=aea7b6032865740478ca4b706850a5217f1c3887

libksba: denial of service due to stack overflow in src/ber-decoder.c (push_decoder_state, pop_decoder_state);a=commit;h=07116a314f4dcd4d96990bbd74db95a03a9f650a

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Alon Bar-Lev (RETIRED) gentoo-dev 2015-04-13 15:08:12 UTC

these two issues were fixed within code but with bump of autotools and yaac, so best to give it few days.
Comment 2 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-05-14 15:34:00 UTC
Arches, please stabilize:
Stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Comment 3 Pacho Ramos gentoo-dev 2015-05-15 12:46:30 UTC
ppc stable
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2015-05-16 04:18:30 UTC
Stable for PPC64.
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2015-05-16 04:58:48 UTC
Stable for HPPA.
Comment 6 Agostino Sarubbo gentoo-dev 2015-05-18 08:46:08 UTC
amd64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2015-05-19 07:26:43 UTC
x86 stable
Comment 8 Agostino Sarubbo gentoo-dev 2015-05-27 13:01:33 UTC
arm stable
Comment 9 Jack Morgan (RETIRED) gentoo-dev 2015-06-01 01:49:17 UTC
ia64 stable
Comment 10 Jack Morgan (RETIRED) gentoo-dev 2015-06-02 05:04:19 UTC
sparc stable
Comment 11 Agostino Sarubbo gentoo-dev 2015-07-03 08:56:59 UTC
alpha stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 12 Alon Bar-Lev (RETIRED) gentoo-dev 2015-07-03 15:34:46 UTC
Comment 13 Yury German Gentoo Infrastructure gentoo-dev 2015-07-06 04:34:55 UTC
Arches and Maintainer(s), Thank you for your work.

New GLSA Request filed.

CVE Request Pending:
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2016-04-26 21:23:32 UTC
This issue was resolved and addressed in
 GLSA 201604-04 at
by GLSA coordinator Kristian Fiskerstrand (K_F).