Description: "perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input." URL (bug): https://github.com/gbarr/perl-Convert-ASN1/issues/14 URL (RH): https://bugzilla.redhat.com/show_bug.cgi?id=1821879 A possible fix is mentioned in the first bug link.
Possible patch: https://github.com/gbarr/perl-Convert-ASN1/pull/15 @maintainer(s), please review if suitable for inclusion and let us know.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9dc32f9b7cf12ea92bbdca93405b602d06925dd2 commit 9dc32f9b7cf12ea92bbdca93405b602d06925dd2 Author: Kent Fredric <kentnl@gentoo.org> AuthorDate: 2020-06-28 16:30:58 +0000 Commit: Kent Fredric <kentnl@gentoo.org> CommitDate: 2020-06-28 16:37:13 +0000 dev-perl/Convert-ASN1: -r bump for CVE-2013-7488 bug #716680 - EAPI7 - Remove empty/unused variable assignments - Add patch submitted to upstream repo to remedy CVE-2013-7488 Bug: https://bugs.gentoo.org/716680 Bug: https://github.com/gbarr/perl-Convert-ASN1/pull/15 Bug: https://github.com/gbarr/perl-Convert-ASN1/issues/14 Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1821879 Package-Manager: Portage-2.3.100, Repoman-2.3.22 Signed-off-by: Kent Fredric <kentnl@gentoo.org> .../Convert-ASN1/Convert-ASN1-0.270.0-r1.ebuild | 27 +++++++++++++ .../files/Convert-ASN1-0.270.0-CVE-2013-7488.patch | 45 ++++++++++++++++++++++ 2 files changed, 72 insertions(+)
Thanks! Let us know when ready to stable.
hppa stable
ppc/ppc64 stable
arm stable
arm64 stable
s390 stable
sparc stable
amd64, x86: ping
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=22e06ed632bf6b368fb0f47265666d4a80483ee3 commit 22e06ed632bf6b368fb0f47265666d4a80483ee3 Author: Kent Fredric <kentnl@gentoo.org> AuthorDate: 2020-07-17 08:25:07 +0000 Commit: Kent Fredric <kentnl@gentoo.org> CommitDate: 2020-07-17 08:25:07 +0000 dev-perl/Convert-ASN1: Cleanup old 0.270.0 re bug #716680 Bug: https://bugs.gentoo.org/716680 Package-Manager: Portage-2.3.100, Repoman-2.3.22 Signed-off-by: Kent Fredric <kentnl@gentoo.org> dev-perl/Convert-ASN1/Convert-ASN1-0.270.0.ebuild | 29 ----------------------- 1 file changed, 29 deletions(-)
GLSA vote: no! Tree clean, thanks. Closing.