Bug#1023261: bullseye-pu: package libtasn1-6/4.16.0-2+deb11u1

[Andreas Metzler <ametzler@bebt.de>]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: libtasn1-6@packages.debian.org, team@security.debian.org

Hello,

I would like to fix CVE-2021-46848 in bullseye. This was fixed in
sid/testing by new upstream 4.19.0. I already had some correspondence
with debian-security, no DSA is planned.

cu Andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

diff -Nru libtasn1-6-4.16.0/debian/changelog libtasn1-6-4.16.0/debian/changelog
--- libtasn1-6-4.16.0/debian/changelog	2020-02-15 17:38:59.000000000 +0100
+++ libtasn1-6-4.16.0/debian/changelog	2022-11-01 11:57:42.000000000 +0100
@@ -1,3 +1,10 @@
+libtasn1-6 (4.16.0-2+deb11u1) bullseye; urgency=medium
+
+  * Fix ETYPE_OK out of bounds read. CVE-2021-46848
+    10_Fix-ETYPE_OK-off-by-one-array-size-check.-Closes-32.patch
+
+ -- Andreas Metzler <ametzler@debian.org>  Tue, 01 Nov 2022 11:57:42 +0100
+
 libtasn1-6 (4.16.0-2) unstable; urgency=low
 
   * Upload to unstable.
diff -Nru libtasn1-6-4.16.0/debian/patches/10_Fix-ETYPE_OK-off-by-one-array-size-check.-Closes-32.patch libtasn1-6-4.16.0/debian/patches/10_Fix-ETYPE_OK-off-by-one-array-size-check.-Closes-32.patch
--- libtasn1-6-4.16.0/debian/patches/10_Fix-ETYPE_OK-off-by-one-array-size-check.-Closes-32.patch	1970-01-01 01:00:00.000000000 +0100
+++ libtasn1-6-4.16.0/debian/patches/10_Fix-ETYPE_OK-off-by-one-array-size-check.-Closes-32.patch	2022-10-30 13:02:08.000000000 +0100
@@ -0,0 +1,29 @@
+From 44a700d2051a666235748970c2df047ff207aeb5 Mon Sep 17 00:00:00 2001
+From: Simon Josefsson <simon@josefsson.org>
+Date: Wed, 17 Aug 2022 12:25:06 +0200
+Subject: [PATCH] Fix ETYPE_OK off by one array size check.  Closes: #32.
+
+Reported by David Trabish in
+<https://gitlab.com/gnutls/libtasn1/-/issues/32>.
+
+Signed-off-by: Simon Josefsson <simon@josefsson.org>
+---
+ NEWS      | 1 +
+ lib/int.h | 2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+--- a/lib/int.h
++++ b/lib/int.h
+@@ -95,11 +95,11 @@
+ 	case ASN1_ETYPE_SET_OF
+ 
+ #define ETYPE_TAG(etype) (_asn1_tags[etype].tag)
+ #define ETYPE_CLASS(etype) (_asn1_tags[etype].class)
+ #define ETYPE_OK(etype) (((etype) != ASN1_ETYPE_INVALID && \
+-                          (etype) <= _asn1_tags_size && \
++                          (etype) < _asn1_tags_size && \
+                           _asn1_tags[(etype)].desc != NULL)?1:0)
+ 
+ #define ETYPE_IS_STRING(etype) ((etype == ASN1_ETYPE_GENERALSTRING || \
+ 	etype == ASN1_ETYPE_NUMERIC_STRING || etype == ASN1_ETYPE_IA5_STRING || \
+ 	etype == ASN1_ETYPE_TELETEX_STRING || etype == ASN1_ETYPE_PRINTABLE_STRING || \
diff -Nru libtasn1-6-4.16.0/debian/patches/series libtasn1-6-4.16.0/debian/patches/series
--- libtasn1-6-4.16.0/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
+++ libtasn1-6-4.16.0/debian/patches/series	2022-11-01 11:57:42.000000000 +0100
@@ -0,0 +1 @@
+10_Fix-ETYPE_OK-off-by-one-array-size-check.-Closes-32.patch

Attachment: signature.asc
Description: PGP signature