Hi, here's an update to the latest libksba release that fixes several problems. No CVE has been assigned (yet?).
oss-security thread: http://www.openwall.com/lists/oss-security/2015/04/13/5 NEWS entry: --8<-- Noteworthy changes in version 1.3.3 (2015-04-10) [C19/A11/R4] ------------------------------------------------ * Fixed an integer overflow in the DN decoder. * Now returns an error instead of terminating the process for certain bad BER encodings. * Improved the parsing of utf-8 strings in DNs. * Allow building with newer versions of Bison. * Improvement building on Windows with newer versions of Mingw. -->8-- Index: Makefile =================================================================== RCS file: /cvs/ports/security/libksba/Makefile,v retrieving revision 1.12 diff -u -p -r1.12 Makefile --- Makefile 16 Mar 2015 18:07:54 -0000 1.12 +++ Makefile 15 Apr 2015 11:56:15 -0000 @@ -2,9 +2,8 @@ COMMENT = X.509 library -DISTNAME = libksba-1.3.2 +DISTNAME = libksba-1.3.3 CATEGORIES = security -REVISION = 0 SHARED_LIBS = ksba 0.2 #19 Index: distinfo =================================================================== RCS file: /cvs/ports/security/libksba/distinfo,v retrieving revision 1.4 diff -u -p -r1.4 distinfo --- distinfo 16 Dec 2014 10:05:27 -0000 1.4 +++ distinfo 15 Apr 2015 11:56:15 -0000 @@ -1,2 +1,2 @@ -SHA256 (libksba-1.3.2.tar.bz2) = 65VTeVXfwoRWkKTMODYHT6bQosLKLL8XWTZNO9mGhAY= -SIZE (libksba-1.3.2.tar.bz2) = 600952 +SHA256 (libksba-1.3.3.tar.bz2) = DH9f/jTQQU9pUdmICkb8wphcSH98NjabnxGtQRMcd4Y= +SIZE (libksba-1.3.3.tar.bz2) = 618698 -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
