Bug#824484: jessie-pu: package libksba/1.3.2-1+deb8u1

To: Salvatore Bonaccorso <carnil@debian.org>, 824484@bugs.debian.org
Subject: Bug#824484: jessie-pu: package libksba/1.3.2-1+deb8u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Tue, 24 May 2016 21:41:48 +0100
Message-id: <[🔎] 1464122508.1897.47.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 824484@bugs.debian.org
In-reply-to: <[🔎] 20160516153021.GA8681@lorien.valinor.li>
References: <[🔎] 20160516153021.GA8681@lorien.valinor.li>

Control: tags -1 + confirmed

On Mon, 2016-05-16 at 17:30 +0200, Salvatore Bonaccorso wrote:
> libksba in jessie is affected by some CVEs which do not neccessarly
> seem to need a DSA. I would like to propose the attached
> debdiff/update for libksba via the next jessie point release.
> 
> Would you accept that upload? I took the git commits without
> modifying, thus the first patch as well updates the copyright years
> notice in one file. I can drop that if you prefer.
> 
> The "Fix an OOB read access in _ksba_dn_to_str" patch is an addition
> to CVE-2016-4356 required. If we do not apply that one libskba will be
> affected by CVE-2016-4574.

Please go ahead.

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#824484: jessie-pu: package libksba/1.3.2-1+deb8u1
  - From: Salvatore Bonaccorso <carnil@debian.org>

References:
- Bug#824484: jessie-pu: package libksba/1.3.2-1+deb8u1
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Processed: Re: Bug#825087: jessie-pu: package chrony/1.30-2+deb8u2
Next by Date: Processed: Re: Bug#824484: jessie-pu: package libksba/1.3.2-1+deb8u1
Previous by thread: Bug#824484: jessie-pu: package libksba/1.3.2-1+deb8u1
Next by thread: Bug#824484: jessie-pu: package libksba/1.3.2-1+deb8u1
Index(es):
- Date
- Thread