Your message dated Sat, 11 Jul 2026 10:32:47 +0000
with message-id <[email protected]>
and subject line Released in 13.6
has caused the Debian Bug report #1140295,
regarding trixie-pu: package libtasn1-6/4.20.0-2+deb13u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1140295: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1140295
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected], [email protected]
Control: affects -1 + src:libtasn1-6
User: [email protected]
Usertags: pu

  * CVE-2025-13151: Stack-based buffer overflow in asn1_expand_octet_string()
    (Closes: #1125063)
diffstat for libtasn1-6-4.20.0 libtasn1-6-4.20.0

 changelog                                                 |    8 ++++
 patches/0001-Fix-for-CVE-2025-13151-Buffer-overflow.patch |   26 ++++++++++++++
 patches/series                                            |    1 
 3 files changed, 35 insertions(+)

diff -Nru libtasn1-6-4.20.0/debian/changelog libtasn1-6-4.20.0/debian/changelog
--- libtasn1-6-4.20.0/debian/changelog  2025-02-14 20:07:38.000000000 +0200
+++ libtasn1-6-4.20.0/debian/changelog  2026-06-17 21:48:52.000000000 +0300
@@ -1,3 +1,11 @@
+libtasn1-6 (4.20.0-2+deb13u1) trixie; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2025-13151: Stack-based buffer overflow in asn1_expand_octet_string()
+    (Closes: #1125063)
+
+ -- Adrian Bunk <[email protected]>  Wed, 17 Jun 2026 21:48:52 +0300
+
 libtasn1-6 (4.20.0-2) unstable; urgency=medium
 
   * Fix autopkgtest by running ./configure.
diff -Nru 
libtasn1-6-4.20.0/debian/patches/0001-Fix-for-CVE-2025-13151-Buffer-overflow.patch
 
libtasn1-6-4.20.0/debian/patches/0001-Fix-for-CVE-2025-13151-Buffer-overflow.patch
--- 
libtasn1-6-4.20.0/debian/patches/0001-Fix-for-CVE-2025-13151-Buffer-overflow.patch
  1970-01-01 02:00:00.000000000 +0200
+++ 
libtasn1-6-4.20.0/debian/patches/0001-Fix-for-CVE-2025-13151-Buffer-overflow.patch
  2026-06-17 21:43:57.000000000 +0300
@@ -0,0 +1,26 @@
+From 673ef0883c725c3ab642e71e95bbf1f4fc86c824 Mon Sep 17 00:00:00 2001
+From: Vijay Sarvepalli <[email protected]>
+Date: Mon, 22 Dec 2025 12:24:27 -0500
+Subject: Fix for CVE-2025-13151 Buffer overflow
+
+Signed-off-by: Simon Josefsson <[email protected]>
+---
+ lib/decoding.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/decoding.c b/lib/decoding.c
+index 1e0fcb3..abcb49f 100644
+--- a/lib/decoding.c
++++ b/lib/decoding.c
+@@ -1983,7 +1983,7 @@ int
+ asn1_expand_octet_string (asn1_node_const definitions, asn1_node *element,
+                         const char *octetName, const char *objectName)
+ {
+-  char name[2 * ASN1_MAX_NAME_SIZE + 1], value[ASN1_MAX_NAME_SIZE];
++  char name[2 * ASN1_MAX_NAME_SIZE + 2], value[ASN1_MAX_NAME_SIZE];
+   int retCode = ASN1_SUCCESS, result;
+   int len, len2, len3;
+   asn1_node_const p2;
+-- 
+2.47.3
+
diff -Nru libtasn1-6-4.20.0/debian/patches/series 
libtasn1-6-4.20.0/debian/patches/series
--- libtasn1-6-4.20.0/debian/patches/series     1970-01-01 02:00:00.000000000 
+0200
+++ libtasn1-6-4.20.0/debian/patches/series     2026-06-17 21:48:30.000000000 
+0300
@@ -0,0 +1 @@
+0001-Fix-for-CVE-2025-13151-Buffer-overflow.patch

--- End Message ---
--- Begin Message ---
Version: 13.6

This update was released as part of 13.6.

--- End Message ---

Reply via email to