Your message dated Sun, 16 Feb 2025 11:32:36 +0000
with message-id <[email protected]>
and subject line Bug#1095406: fixed in libtasn1-6 4.19.0-2+deb12u1
has caused the Debian Bug report #1095406,
regarding libtasn1-6: CVE-2024-12133
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1095406: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095406
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libtasn1-6
Version: 4.19.0-3
Severity: important
Tags: security upstream
Forwarded: https://gitlab.com/gnutls/libtasn1/-/issues/52
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 4.19.0-2
Hi,
The following vulnerability was published for libtasn1-6.
CVE-2024-12133[0]:
| Potential DoS in handling of numerous SEQUENCE OF or SET OF elements
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-12133
https://www.cve.org/CVERecord?id=CVE-2024-12133
[1] https://gitlab.com/gnutls/libtasn1/-/issues/52
[2] https://lists.gnu.org/archive/html/help-libtasn1/2025-02/msg00001.html
[3]
https://gitlab.com/gnutls/libtasn1/-/commit/4082ca2220b5ba910b546afddf7780fc4a51f75a
[4]
https://gitlab.com/gnutls/libtasn1/-/commit/869a97aa259dffa2620dabcad84e1c22545ffc3d
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libtasn1-6
Source-Version: 4.19.0-2+deb12u1
Done: Andreas Metzler <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libtasn1-6, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Metzler <[email protected]> (supplier of updated libtasn1-6 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 08 Feb 2025 13:23:13 +0100
Source: libtasn1-6
Architecture: source
Version: 4.19.0-2+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian GnuTLS Maintainers <[email protected]>
Changed-By: Andreas Metzler <[email protected]>
Closes: 1095406
Changes:
libtasn1-6 (4.19.0-2+deb12u1) bookworm-security; urgency=high
.
* Fix CVE-2024-12133 potential DoS in handling of numerous SEQUENCE OF
or SET OF elements. Closes: #1095406
Checksums-Sha1:
9e820b3858aa79e1859821c5cb6aabe43cf40a3f 2694 libtasn1-6_4.19.0-2+deb12u1.dsc
9c4b6616de65513a0a4d27e0b7f25184391ca8fd 1786576 libtasn1-6_4.19.0.orig.tar.gz
03c8e91a26463318aa4c6e82f717afd5b6cb5dc6 228 libtasn1-6_4.19.0.orig.tar.gz.asc
202449b91404227c489bd01d11f5666e15df4ca5 24876
libtasn1-6_4.19.0-2+deb12u1.debian.tar.xz
1cf7f36b271705ed11a4627588ad1f5f536c5f4b 5507
libtasn1-6_4.19.0-2+deb12u1_source.buildinfo
Checksums-Sha256:
54eabe8526f590a52771d99ce8c592d3edd549e98d84ea6649db473d528cc6ec 2694
libtasn1-6_4.19.0-2+deb12u1.dsc
1613f0ac1cf484d6ec0ce3b8c06d56263cc7242f1c23b30d82d23de345a63f7a 1786576
libtasn1-6_4.19.0.orig.tar.gz
8410c0c004f3509c218a98b276b3308b9c46f48068e8b1a6d9ebfd61ea9f357a 228
libtasn1-6_4.19.0.orig.tar.gz.asc
878db2aeeb04e43a70750480a4f17498b7ed46fb5fe433acb6721b3e6d38088c 24876
libtasn1-6_4.19.0-2+deb12u1.debian.tar.xz
ec5c9b7bed76612abd46a9ec3b654f30866b6daa8ac944c8fe39f8e1585ef21e 5507
libtasn1-6_4.19.0-2+deb12u1_source.buildinfo
Files:
106f766d6340332da6966090bb95f6ca 2694 libs optional
libtasn1-6_4.19.0-2+deb12u1.dsc
f701ab57eb8e7d9c105b2cd5d809b29a 1786576 libs optional
libtasn1-6_4.19.0.orig.tar.gz
5d93221bd2bb8d075e9cc83d09dccfaf 228 libs optional
libtasn1-6_4.19.0.orig.tar.gz.asc
94561d8dfd3571a4978608aca320052a 24876 libs optional
libtasn1-6_4.19.0-2+deb12u1.debian.tar.xz
bba96d15d168b9d3b4c9e4570250de74 5507 libs optional
libtasn1-6_4.19.0-2+deb12u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAmenTh0ACgkQpU8BhUOC
FIQOfA//U7WMH8SxUgYF+Wr4p1UMQmAQ21yTgFXYG8kCwuXemIO8cKQUHPLfyGfM
6et5FGBmmF7UNw0vFY8470GYLcnEcGU04jyNHxWKatBOwhN0atCY+PqpPqfAMJbs
5PI1MBF4YMOFvRgUtfMbKxX9q2EK6hUkbRpct58/3WpwEVBk/JKaBVV5pRLfsQpV
ge15ehQ44aPwyCZ/4XKUxY8Dj2j3S/LLmxskLo0TKuibpYAuTR1xjwvBWJUTHRKz
MGlYMllr1lSFt6oirgmdvkDKne6PKmC9I3/BXlWrRvEuQTCO9jr/coVW8FN93DLQ
qumXZjB7fmUTKdUmgi/yVGxLLq3ye2n8kpH8TApkgvZRQdq+Z/xJUzAOWMBdhEJ6
nHJKUV/TqdkmDNoxOpHqF8UY55k/k9gxND0V8c/UV8lYl8GvdSdZCM/Ryi+LM2QQ
61OzKnCDkffBQHUIQZKiiKnj37z6LebntKZIHvWia/zG0ToMbnoH+mtLDuq5+U/4
mEO1KaiSqhrt1/Lq6JBzqNEdKuARzNnUQvHxliqnW/lbMZhKBS5e9KLm4I/TG8PU
uqX7LHux61Tc7LLsXMSeVcyUPxQ7E651xZJwz9U5u7sOBGbnsHZIy5Hqu4LDOzcr
ixnAPsS/TaqmqFP3pMoQ334R/Ovt8JS3KIotuixbxzuX/C/u4jQ=
=Kqu2
-----END PGP SIGNATURE-----
pgpcLeKbI61Mt.pgp
Description: PGP signature
--- End Message ---
