Release notes for 4.19.0 say:

* Noteworthy changes in release 4.19.0 (2022-08-23) [stable]
- Clarify libtasn1.map license. Closes: #38.
- Fix ETYPE_OK out of bounds read. Closes: #32.
- Update gnulib files and various maintenance fixes.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8f20142212ed5c0af56b490f707e5fdff8138481

commit 8f20142212ed5c0af56b490f707e5fdff8138481
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-08-24 00:18:10 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-08-24 00:20:39 +0000

    dev-libs/libtasn1: add 4.19.0

    Licensing was also clarified upstream: https://gitlab.com/gnutls/libtasn1/-/issues/38.

    Bug: https://gitlab.com/gnutls/libtasn1/-/issues/38
    Bug: https://bugs.gentoo.org/866237
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/libtasn1/Manifest | 2 ++
 dev-libs/libtasn1/libtasn1-4.19.0.ebuild | 55 ++++++++++++++++++++++++++++++++
 2 files changed, 57 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8c4bd08fb54e718a400e503a515dbede0fd3d4d8

commit 8c4bd08fb54e718a400e503a515dbede0fd3d4d8
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-09-23 02:00:24 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-09-23 02:08:52 +0000

    dev-libs/libtasn1: drop 4.18.0

    Bug: https://bugs.gentoo.org/866237
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/libtasn1/Manifest | 1 -
 dev-libs/libtasn1/libtasn1-4.18.0.ebuild | 53 --------------------------------
 2 files changed, 54 deletions(-)

OOB read in a library, very unlikely to be exploitable, no GLSA. All done! Also, CVE requested.
The Alias CVE appears to be wrong. Correct would be CVE-2021-46848.