Your message dated Tue, 25 Jul 2017 17:19:24 +0000
with message-id <[email protected]>
and subject line Bug#867398: fixed in libtasn1-6 4.12-2.1
has caused the Debian Bug report #867398,
regarding libtasn1-6: CVE-2017-10790
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
867398: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867398
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libtasn1-6
Version: 4.2-1
Severity: normal
Tags: security upstream

Hi,

the following vulnerability was published for libtasn1-6, filing the
bug to track the issue, but the impact is disputable.

CVE-2017-10790[0]:
| The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes
| a NULL pointer dereference and crash when reading crafted input that
| triggers assignment of a NULL value within an asn1_node structure. It
| may lead to a remote denial of service attack.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-10790
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10790
[1] https://bugzilla.novell.com/show_bug.cgi?id=1047002
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1464141

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libtasn1-6
Source-Version: 4.12-2.1

We believe that the bug you reported is fixed in the latest version of
libtasn1-6, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated libtasn1-6 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 25 Jul 2017 07:04:58 +0200
Source: libtasn1-6
Binary: libtasn1-6-dev libtasn1-doc libtasn1-6 libtasn1-bin libtasn1-3-bin
Architecture: source
Version: 4.12-2.1
Distribution: unstable
Urgency: medium
Maintainer: Debian GnuTLS Maintainers <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 867398
Description: 
 libtasn1-3-bin - transitional libtasn1-3-bin package
 libtasn1-6 - Manage ASN.1 structures (runtime)
 libtasn1-6-dev - Manage ASN.1 structures (development)
 libtasn1-bin - Manage ASN.1 structures (binaries)
 libtasn1-doc - Manage ASN.1 structures (documentation)
Changes:
 libtasn1-6 (4.12-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * _asn1_check_identifier: safer access to values read (CVE-2017-10790)
     (Closes: #867398)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
