Your message dated Sat, 08 Feb 2025 12:20:25 +0000
with message-id <[email protected]>
and subject line Bug#1095406: fixed in libtasn1-6 4.20.0-1
has caused the Debian Bug report #1095406,
regarding libtasn1-6: CVE-2024-12133
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1095406: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095406
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libtasn1-6
Version: 4.19.0-3
Severity: important
Tags: security upstream
Forwarded: https://gitlab.com/gnutls/libtasn1/-/issues/52
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 4.19.0-2

Hi,

The following vulnerability was published for libtasn1-6.

CVE-2024-12133[0]:
| Potential DoS in handling of numerous SEQUENCE OF or SET OF elements


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-12133
    https://www.cve.org/CVERecord?id=CVE-2024-12133
[1] https://gitlab.com/gnutls/libtasn1/-/issues/52
[2] https://lists.gnu.org/archive/html/help-libtasn1/2025-02/msg00001.html
[3] https://gitlab.com/gnutls/libtasn1/-/commit/4082ca2220b5ba910b546afddf7780fc4a51f75a
[4] https://gitlab.com/gnutls/libtasn1/-/commit/869a97aa259dffa2620dabcad84e1c22545ffc3d

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libtasn1-6
Source-Version: 4.20.0-1
Done: Andreas Metzler <[email protected]>

We believe that the bug you reported is fixed in the latest version of
libtasn1-6, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Metzler <[email protected]> (supplier of updated libtasn1-6 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


Format: 1.8
Date: Sat, 08 Feb 2025 12:07:16 +0100
Source: libtasn1-6
Architecture: source
Version: 4.20.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian GnuTLS Maintainers <[email protected]>
Changed-By: Andreas Metzler <[email protected]>
Closes: 1095406
Changes:
 libtasn1-6 (4.20.0-1) unstable; urgency=medium
 .
   * Tighten watch file to avoid matching libtasn1-v4.20.0-src.tar.gz
   * Update signing-key from 4 keyfiles linked from
     https://www.gnu.org/software/libtasn1/
   * New upstream version.
     + Fixes CVE-2024-12133 Potential DoS in handling of numerous SEQUENCE OF
       or SET OF elements. Closes: #1095406
     + Update copyright info.

--- End Message ---