From ${URL}: The libtasn1 library, in its 4.7 version, can loop for a long time or indefinitely when it is used to parse DER representations of X509 certificates, leading to a denial of service. Some of these loops may in addition increase heap or stack usage, leading to more issues.
References (with reproducer): http://seclists.org/oss-sec/2016/q2/51
@maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.
I believe we can stabilize.
Stabilise what?
(In reply to Jeroen Roovers from comment #2)
> Stabilise what?
Sorry :) dev-libs/libtasn1-4.8
Stable for HPPA PPC64.
arm stable
alpha stable
stable ping
x86 stable
ppc stable
sparc stable
ia64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
@amd64 got skipped somehow. Please stabilize: =dev-libs/libtasn1-4.8
amd64 stable. Maintainer(s), please cleanup.
GLSA request filed.
This issue was resolved and addressed in GLSA 201703-05 at https://security.gentoo.org/glsa/201703-05 by GLSA coordinator Yury German (BlueKnight).