Your message dated Sat, 04 Jul 2026 15:47:25 +0000
with message-id <[email protected]>
and subject line Bug#1125063: fixed in libtasn1-6 4.20.0-2+deb13u1
has caused the Debian Bug report #1125063,
regarding libtasn1-6: CVE-2025-13151
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1125063: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125063
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libtasn1-6
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerability was published for libtasn1-6.

CVE-2025-13151[0]:
| Stack-based buffer overflow in libtasn1 version: v4.20.0. The
| function fails to validate the size of input data resulting in a
| buffer overflow in asn1_expend_octet_string.

Patch isn't merged yet:
https://gitlab.com/gnutls/libtasn1/-/merge_requests/121


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-13151
    https://www.cve.org/CVERecord?id=CVE-2025-13151

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: libtasn1-6
Source-Version: 4.20.0-2+deb13u1
Done: Adrian Bunk <[email protected]>

We believe that the bug you reported is fixed in the latest version of
libtasn1-6, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk <[email protected]> (supplier of updated libtasn1-6 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 17 Jun 2026 21:48:52 +0300
Source: libtasn1-6
Architecture: source
Version: 4.20.0-2+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Debian GnuTLS Maintainers <[email protected]>
Changed-By: Adrian Bunk <[email protected]>
Closes: 1125063
Changes:
 libtasn1-6 (4.20.0-2+deb13u1) trixie; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2025-13151: Stack-based buffer overflow in asn1_expand_octet_string()
     (Closes: #1125063)
Checksums-Sha1:
 2783dd78e3576d56d88d38d12ee89f4e4ba6d903 2697 libtasn1-6_4.20.0-2+deb13u1.dsc
 ef6a358e16e056476b4be121ed2fb2ce11d791ed 1783873 libtasn1-6_4.20.0.orig.tar.gz
 b59bd89f65680b9da67ebea07982c4d763188170 1223 libtasn1-6_4.20.0.orig.tar.gz.asc
 fa7965b3141871d5556df3b87ce7af13ad4f0e41 19196 
libtasn1-6_4.20.0-2+deb13u1.debian.tar.xz
Checksums-Sha256:
 3f8b0e7ddd5325278b1164f260e45e785e5907309d76b703c8716d068f9cd7e9 2697 
libtasn1-6_4.20.0-2+deb13u1.dsc
 92e0e3bd4c02d4aeee76036b2ddd83f0c732ba4cda5cb71d583272b23587a76c 1783873 
libtasn1-6_4.20.0.orig.tar.gz
 0faa628b6a3e4bb84ca5f00f127c6dfa1fc96a7ad88030dd7aa048753cf4b201 1223 
libtasn1-6_4.20.0.orig.tar.gz.asc
 c1ba650436b6a9fc5fac5ea494ab20caf7adb29a3713067e8b665d2f2f325cb1 19196 
libtasn1-6_4.20.0-2+deb13u1.debian.tar.xz
Files:
 af3dbd60655b86230804fe459d713c86 2697 libs optional 
libtasn1-6_4.20.0-2+deb13u1.dsc
 930f71d788cf37505a0327c1b84741be 1783873 libs optional 
libtasn1-6_4.20.0.orig.tar.gz
 9940a0f8bf136c716403d2e81bc75b0f 1223 libs optional 
libtasn1-6_4.20.0.orig.tar.gz.asc
 e571c7d541b67587e21f063f3fb50b0d 19196 libs optional 
libtasn1-6_4.20.0-2+deb13u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmoy8Z8ACgkQiNJCh6LY
mLFVxRAAg0noSv5Ujt1/ZEMU+Kdn60+5HUfMsfJfS8nExZ1Q/6yhbN659hsVUj9I
EwSYl5WzrfFkI+bprRpbbG8lObI5ElREMd+1OSzUFO2yxf4W3xC4wdhEoGHMwagp
jyFvMJNtSMEf2FdvvwupOBy4k9GvWWEch5x325zdEAaS4tbj9mGXqX6MVVBZ7xDf
qWWnE3hZWhuOyQp+dnkRAJr2OyoT9DibLf9cX1KU2ly6oJuY+EgPsa3r2TC42pzj
qSgSlRPZ281BydjSB8NYUCschSLMod2f6qFRokuZaj/X2Q7rLcSDy2WAc3NYgehm
hNqEi98DfBe7EEk8c2N7lblOe7dIkl+mlsaBjJah+XjYw+JG5WwexI8mEbW7yssb
VDd9QzGzHvAZ9jprGCjzm7p8ye/g5UOwU03pqiHncI+xbsIimaVxY6DWolkIsE2B
B3knUuzFG2juTF/3T4fEPFxqf+JJyCnsIx2wzfww7tpu557b3d/3mA+JIewBhAtu
oPZJYtRJLytrgmVNBWgN5nFmFBsnhBSNgA2zZx9E6yWAASJiAOldZ3NeR0Lt2jHX
UX/I/yqKJ0GMn43qn0qUop8RHOngg/FVwhIvyRrArrBHLnX2BW8Th8lcLMxqImao
zosCk3UhU41/i5qbI4WRFAFdWFVmqGCcv9Xv9pYEpmoYCbQsosQ=
=I2Ah
-----END PGP SIGNATURE-----

Attachment: pgpPzUxg2z9x6.pgp
Description: PGP signature


--- End Message ---

Reply via email to