Bug#1023261: marked as done (bullseye-pu: package libtasn1-6/4.16.0-2+deb11u1)

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Subject: Bug#1023261: marked as done (bullseye-pu: package libtasn1-6/4.16.0-2+deb11u1)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Sat, 17 Dec 2022 11:03:55 +0000
Message-id: <[🔎] handler.1023261.D1023261.16712747411441738.ackdone@bugs.debian.org>
Reply-to: 1023261@bugs.debian.org
References: <03e9b90cf2f149b9e2835590c9ec0ccb048b744d.camel@adam-barratt.org.uk> <Y2D+4Q9DPO7HXhty@argenau.bebt.de>

Your message dated Sat, 17 Dec 2022 10:57:10 +0000
with message-id <03e9b90cf2f149b9e2835590c9ec0ccb048b744d.camel@adam-barratt.org.uk>
and subject line Closing p-u requests for fixes included in 11.6
has caused the Debian Bug report #1023261,
regarding bullseye-pu: package libtasn1-6/4.16.0-2+deb11u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1023261: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023261
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: bullseye-pu: package libtasn1-6/4.16.0-2+deb11u1
From: Andreas Metzler <ametzler@bebt.de>
Date: Tue, 1 Nov 2022 12:11:29 +0100
Message-id: <Y2D+4Q9DPO7HXhty@argenau.bebt.de>

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: libtasn1-6@packages.debian.org, team@security.debian.org

Hello,

I would like to fix CVE-2021-46848 in bullseye. This was fixed in
sid/testing by new upstream 4.19.0. I already had some correspondence
with debian-security, no DSA is planned.

cu Andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

diff -Nru libtasn1-6-4.16.0/debian/changelog libtasn1-6-4.16.0/debian/changelog
--- libtasn1-6-4.16.0/debian/changelog	2020-02-15 17:38:59.000000000 +0100
+++ libtasn1-6-4.16.0/debian/changelog	2022-11-01 11:57:42.000000000 +0100
@@ -1,3 +1,10 @@
+libtasn1-6 (4.16.0-2+deb11u1) bullseye; urgency=medium
+
+  * Fix ETYPE_OK out of bounds read. CVE-2021-46848
+    10_Fix-ETYPE_OK-off-by-one-array-size-check.-Closes-32.patch
+
+ -- Andreas Metzler <ametzler@debian.org>  Tue, 01 Nov 2022 11:57:42 +0100
+
 libtasn1-6 (4.16.0-2) unstable; urgency=low
 
   * Upload to unstable.
diff -Nru libtasn1-6-4.16.0/debian/patches/10_Fix-ETYPE_OK-off-by-one-array-size-check.-Closes-32.patch libtasn1-6-4.16.0/debian/patches/10_Fix-ETYPE_OK-off-by-one-array-size-check.-Closes-32.patch
--- libtasn1-6-4.16.0/debian/patches/10_Fix-ETYPE_OK-off-by-one-array-size-check.-Closes-32.patch	1970-01-01 01:00:00.000000000 +0100
+++ libtasn1-6-4.16.0/debian/patches/10_Fix-ETYPE_OK-off-by-one-array-size-check.-Closes-32.patch	2022-10-30 13:02:08.000000000 +0100
@@ -0,0 +1,29 @@
+From 44a700d2051a666235748970c2df047ff207aeb5 Mon Sep 17 00:00:00 2001
+From: Simon Josefsson <simon@josefsson.org>
+Date: Wed, 17 Aug 2022 12:25:06 +0200
+Subject: [PATCH] Fix ETYPE_OK off by one array size check.  Closes: #32.
+
+Reported by David Trabish in
+<https://gitlab.com/gnutls/libtasn1/-/issues/32>.
+
+Signed-off-by: Simon Josefsson <simon@josefsson.org>
+---
+ NEWS      | 1 +
+ lib/int.h | 2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+--- a/lib/int.h
++++ b/lib/int.h
+@@ -95,11 +95,11 @@
+ 	case ASN1_ETYPE_SET_OF
+ 
+ #define ETYPE_TAG(etype) (_asn1_tags[etype].tag)
+ #define ETYPE_CLASS(etype) (_asn1_tags[etype].class)
+ #define ETYPE_OK(etype) (((etype) != ASN1_ETYPE_INVALID && \
+-                          (etype) <= _asn1_tags_size && \
++                          (etype) < _asn1_tags_size && \
+                           _asn1_tags[(etype)].desc != NULL)?1:0)
+ 
+ #define ETYPE_IS_STRING(etype) ((etype == ASN1_ETYPE_GENERALSTRING || \
+ 	etype == ASN1_ETYPE_NUMERIC_STRING || etype == ASN1_ETYPE_IA5_STRING || \
+ 	etype == ASN1_ETYPE_TELETEX_STRING || etype == ASN1_ETYPE_PRINTABLE_STRING || \
diff -Nru libtasn1-6-4.16.0/debian/patches/series libtasn1-6-4.16.0/debian/patches/series
--- libtasn1-6-4.16.0/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
+++ libtasn1-6-4.16.0/debian/patches/series	2022-11-01 11:57:42.000000000 +0100
@@ -0,0 +1 @@
+10_Fix-ETYPE_OK-off-by-one-array-size-check.-Closes-32.patch

Attachment: signature.asc
Description: PGP signature

--- End Message ---

--- Begin Message ---

To: 1017723-done@bugs.debian.org, 1018977-done@bugs.debian.org, 1019539-done@bugs.debian.org, 1019915-done@bugs.debian.org, 1020224-done@bugs.debian.org, 1020443-done@bugs.debian.org, 1020596-done@bugs.debian.org, 1020853-done@bugs.debian.org, 1021130-done@bugs.debian.org, 1021172-done@bugs.debian.org, 1021186-done@bugs.debian.org, 1021214-done@bugs.debian.org, 1021426-done@bugs.debian.org, 1021645-done@bugs.debian.org, 1021647-done@bugs.debian.org, 1021651-done@bugs.debian.org, 1021777-done@bugs.debian.org, 1021838-done@bugs.debian.org, 1021963-done@bugs.debian.org, 1022122-done@bugs.debian.org, 1022860-done@bugs.debian.org, 1023064-done@bugs.debian.org, 1023105-done@bugs.debian.org, 1023118-done@bugs.debian.org, 1023261-done@bugs.debian.org, 1023263-done@bugs.debian.org, 1023423-done@bugs.debian.org, 1023602-done@bugs.debian.org, 1023798-done@bugs.debian.org, 1023981-done@bugs.debian.org, 1024054-done@bugs.debian.org, 1024385-done@bugs.debian.org, 1024480-done@bugs.debian.org, 1024745-done@bugs.debian.org, 1024850-done@bugs.debian.org, 1025010-done@bugs.debian.org, 1025083-done@bugs.debian.org, 1025137-done@bugs.debian.org, 1025173-done@bugs.debian.org, 1025204-done@bugs.debian.org, 1025205-done@bugs.debian.org, 1025323-done@bugs.debian.org, 1025387-done@bugs.debian.org, 1025414-done@bugs.debian.org, 1025553-done@bugs.debian.org, 1025601-done@bugs.debian.org, 1025646-done@bugs.debian.org, 1025651-done@bugs.debian.org, 1025652-done@bugs.debian.org, 1025700-done@bugs.debian.org, 1025710-done@bugs.debian.org, 1025716-done@bugs.debian.org, 1025750-done@bugs.debian.org, 1025754-done@bugs.debian.org, 1025755-done@bugs.debian.org, 1025756-done@bugs.debian.org, 1025758-done@bugs.debian.org, 1025764-done@bugs.debian.org, 1025766-done@bugs.debian.org, 1025773-done@bugs.debian.org, 1025774-done@bugs.debian.org, 1025809-done@bugs.debian.org

Subject: Closing p-u requests for fixes included in 11.6

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Date: Sat, 17 Dec 2022 10:57:10 +0000

Message-id: <03e9b90cf2f149b9e2835590c9ec0ccb048b744d.camel@adam-barratt.org.uk>
Package: release.debian.org
Version: 11.6

Hi,

Each of the updates referred to in these requests was included in this
morning's 11.6 point release.

Regards,

Adam
--- End Message ---

Reply to:

Prev by Date: Bug#1023118: marked as done (bullseye-pu: package distro-info-data/0.51+deb11u3)
Next by Date: Bug#1023263: marked as done (bullseye-pu: package clickhouse/18.16.1+ds-4+deb10u1)
Previous by thread: Bug#1023118: marked as done (bullseye-pu: package distro-info-data/0.51+deb11u3)
Next by thread: Bug#1023263: marked as done (bullseye-pu: package clickhouse/18.16.1+ds-4+deb10u1)
Index(es):
- Date
- Thread