Your message dated Sat, 17 Dec 2022 10:57:10 +0000
with message-id
<03e9b90cf2f149b9e2835590c9ec0ccb048b744d.ca...@adam-barratt.org.uk>
and subject line Closing p-u requests for fixes included in 11.6
has caused the Debian Bug report #1023261,
regarding bullseye-pu: package libtasn1-6/4.16.0-2+deb11u1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1023261: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023261
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bullseye
User: [email protected]
Usertags: pu
X-Debbugs-Cc: [email protected], [email protected]
Hello,
I would like to fix CVE-2021-46848 in bullseye. This was fixed in
sid/testing by new upstream 4.19.0. I already had some correspondence
with debian-security, no DSA is planned.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
diff -Nru libtasn1-6-4.16.0/debian/changelog libtasn1-6-4.16.0/debian/changelog
--- libtasn1-6-4.16.0/debian/changelog 2020-02-15 17:38:59.000000000 +0100
+++ libtasn1-6-4.16.0/debian/changelog 2022-11-01 11:57:42.000000000 +0100
@@ -1,3 +1,10 @@
+libtasn1-6 (4.16.0-2+deb11u1) bullseye; urgency=medium
+
+ * Fix ETYPE_OK out of bounds read. CVE-2021-46848
+ 10_Fix-ETYPE_OK-off-by-one-array-size-check.-Closes-32.patch
+
+ -- Andreas Metzler <[email protected]> Tue, 01 Nov 2022 11:57:42 +0100
+
libtasn1-6 (4.16.0-2) unstable; urgency=low
* Upload to unstable.
diff -Nru libtasn1-6-4.16.0/debian/patches/10_Fix-ETYPE_OK-off-by-one-array-size-check.-Closes-32.patch libtasn1-6-4.16.0/debian/patches/10_Fix-ETYPE_OK-off-by-one-array-size-check.-Closes-32.patch
--- libtasn1-6-4.16.0/debian/patches/10_Fix-ETYPE_OK-off-by-one-array-size-check.-Closes-32.patch 1970-01-01 01:00:00.000000000 +0100
+++ libtasn1-6-4.16.0/debian/patches/10_Fix-ETYPE_OK-off-by-one-array-size-check.-Closes-32.patch 2022-10-30 13:02:08.000000000 +0100
@@ -0,0 +1,29 @@
+From 44a700d2051a666235748970c2df047ff207aeb5 Mon Sep 17 00:00:00 2001
+From: Simon Josefsson <[email protected]>
+Date: Wed, 17 Aug 2022 12:25:06 +0200
+Subject: [PATCH] Fix ETYPE_OK off by one array size check. Closes: #32.
+
+Reported by David Trabish in
+<https://gitlab.com/gnutls/libtasn1/-/issues/32>.
+
+Signed-off-by: Simon Josefsson <[email protected]>
+---
+ NEWS | 1 +
+ lib/int.h | 2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+--- a/lib/int.h
++++ b/lib/int.h
+@@ -95,11 +95,11 @@
+ case ASN1_ETYPE_SET_OF
+
+ #define ETYPE_TAG(etype) (_asn1_tags[etype].tag)
+ #define ETYPE_CLASS(etype) (_asn1_tags[etype].class)
+ #define ETYPE_OK(etype) (((etype) != ASN1_ETYPE_INVALID && \
+- (etype) <= _asn1_tags_size && \
++ (etype) < _asn1_tags_size && \
+ _asn1_tags[(etype)].desc != NULL)?1:0)
+
+ #define ETYPE_IS_STRING(etype) ((etype == ASN1_ETYPE_GENERALSTRING || \
+ etype == ASN1_ETYPE_NUMERIC_STRING || etype == ASN1_ETYPE_IA5_STRING || \
+ etype == ASN1_ETYPE_TELETEX_STRING || etype == ASN1_ETYPE_PRINTABLE_STRING || \
diff -Nru libtasn1-6-4.16.0/debian/patches/series libtasn1-6-4.16.0/debian/patches/series
--- libtasn1-6-4.16.0/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ libtasn1-6-4.16.0/debian/patches/series 2022-11-01 11:57:42.000000000 +0100
@@ -0,0 +1 @@
+10_Fix-ETYPE_OK-off-by-one-array-size-check.-Closes-32.patch
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 11.6
Hi,
Each of the updates referred to in these requests was included in this
morning's 11.6 point release.
Regards,
Adam
--- End Message ---
