Your message dated Fri, 26 Jul 2019 18:07:57 +0000
with message-id <[email protected]>
and subject line Bug#906768: fixed in libtasn1-6 4.14-1
has caused the Debian Bug report #906768,
regarding libtasn-1: CVE-2018-1000654
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
906768: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906768
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libtasn1-6
Version: 4.13-3
Severity: important
Tags: security upstream
Forwarded: https://gitlab.com/gnutls/libtasn1/issues/4

Hi,

The following vulnerability was published for libtasn1-6.

CVE-2018-1000654[0]:
| GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12
| contains a DoS, specifically CPU usage will reach 100% when running
| asn1Parser against the POC due to an issue in
| _asn1_expand_object_id(p_tree), after a long time, the program will be
| killed. This attack appears to be exploitable via parsing a crafted
| file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-1000654
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000654
[1] https://gitlab.com/gnutls/libtasn1/issues/4

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libtasn1-6
Source-Version: 4.14-1

We believe that the bug you reported is fixed in the latest version of
libtasn1-6, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Metzler <[email protected]> (supplier of updated libtasn1-6 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 26 Jul 2019 19:45:42 +0200
Source: libtasn1-6
Architecture: source
Version: 4.14-1
Distribution: experimental
Urgency: low
Maintainer: Debian GnuTLS Maintainers <[email protected]>
Changed-By: Andreas Metzler <[email protected]>
Closes: 906768
Changes:
 libtasn1-6 (4.14-1) experimental; urgency=low
 .
   * New upstream version.
     + Drop 10_modernize_gtkdoc.diff.
     + README replaced by README.md.
     + 20_nooverrideldflags.diff Respect LDFLAGS in src subdirectory again.
     + Fixes DoS in asn1Parser binary (not the library).
       CVE-2018-1000654 Closes: #906768
   * Be paranoid and bump symbol dependency info.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---