Your message dated Sat, 11 Jul 2026 10:32:47 +0000
with message-id <[email protected]>
and subject line Released in 13.6
has caused the Debian Bug report #1140295,
regarding trixie-pu: package libtasn1-6/4.20.0-2+deb13u1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1140295: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1140295
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected], [email protected]
Control: affects -1 + src:libtasn1-6
User: [email protected]
Usertags: pu
* CVE-2025-13151: Stack-based buffer overflow in asn1_expand_octet_string()
(Closes: #1125063)
diffstat for libtasn1-6-4.20.0 libtasn1-6-4.20.0
changelog | 8 ++++
patches/0001-Fix-for-CVE-2025-13151-Buffer-overflow.patch | 26 ++++++++++++++
patches/series | 1
3 files changed, 35 insertions(+)
diff -Nru libtasn1-6-4.20.0/debian/changelog libtasn1-6-4.20.0/debian/changelog
--- libtasn1-6-4.20.0/debian/changelog 2025-02-14 20:07:38.000000000 +0200
+++ libtasn1-6-4.20.0/debian/changelog 2026-06-17 21:48:52.000000000 +0300
@@ -1,3 +1,11 @@
+libtasn1-6 (4.20.0-2+deb13u1) trixie; urgency=medium
+
+ * Non-maintainer upload.
+ * CVE-2025-13151: Stack-based buffer overflow in asn1_expand_octet_string()
+ (Closes: #1125063)
+
+ -- Adrian Bunk <[email protected]> Wed, 17 Jun 2026 21:48:52 +0300
+
libtasn1-6 (4.20.0-2) unstable; urgency=medium
* Fix autopkgtest by running ./configure.
diff -Nru
libtasn1-6-4.20.0/debian/patches/0001-Fix-for-CVE-2025-13151-Buffer-overflow.patch
libtasn1-6-4.20.0/debian/patches/0001-Fix-for-CVE-2025-13151-Buffer-overflow.patch
---
libtasn1-6-4.20.0/debian/patches/0001-Fix-for-CVE-2025-13151-Buffer-overflow.patch
1970-01-01 02:00:00.000000000 +0200
+++
libtasn1-6-4.20.0/debian/patches/0001-Fix-for-CVE-2025-13151-Buffer-overflow.patch
2026-06-17 21:43:57.000000000 +0300
@@ -0,0 +1,26 @@
+From 673ef0883c725c3ab642e71e95bbf1f4fc86c824 Mon Sep 17 00:00:00 2001
+From: Vijay Sarvepalli <[email protected]>
+Date: Mon, 22 Dec 2025 12:24:27 -0500
+Subject: Fix for CVE-2025-13151 Buffer overflow
+
+Signed-off-by: Simon Josefsson <[email protected]>
+---
+ lib/decoding.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/decoding.c b/lib/decoding.c
+index 1e0fcb3..abcb49f 100644
+--- a/lib/decoding.c
++++ b/lib/decoding.c
+@@ -1983,7 +1983,7 @@ int
+ asn1_expand_octet_string (asn1_node_const definitions, asn1_node *element,
+ const char *octetName, const char *objectName)
+ {
+- char name[2 * ASN1_MAX_NAME_SIZE + 1], value[ASN1_MAX_NAME_SIZE];
++ char name[2 * ASN1_MAX_NAME_SIZE + 2], value[ASN1_MAX_NAME_SIZE];
+ int retCode = ASN1_SUCCESS, result;
+ int len, len2, len3;
+ asn1_node_const p2;
+--
+2.47.3
+
diff -Nru libtasn1-6-4.20.0/debian/patches/series
libtasn1-6-4.20.0/debian/patches/series
--- libtasn1-6-4.20.0/debian/patches/series 1970-01-01 02:00:00.000000000
+0200
+++ libtasn1-6-4.20.0/debian/patches/series 2026-06-17 21:48:30.000000000
+0300
@@ -0,0 +1 @@
+0001-Fix-for-CVE-2025-13151-Buffer-overflow.patch
--- End Message ---
--- Begin Message ---
Version: 13.6
This update was released as part of 13.6.
--- End Message ---