Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: libtasn1-6@packages.debian.org, team@security.debian.org

Hello,

I would like to fix CVE-2021-46848 in bullseye. This was fixed in sid/testing by new upstream 4.19.0. I already had some correspondence with debian-security; no DSA is planned.

cu Andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.'
`I sew his ears on from time to time, sure'
diff -Nru libtasn1-6-4.16.0/debian/changelog libtasn1-6-4.16.0/debian/changelog --- libtasn1-6-4.16.0/debian/changelog 2020-02-15 17:38:59.000000000 +0100 +++ libtasn1-6-4.16.0/debian/changelog 2022-11-01 11:57:42.000000000 +0100 @@ -1,3 +1,10 @@ +libtasn1-6 (4.16.0-2+deb11u1) bullseye; urgency=medium + + * Fix ETYPE_OK out of bounds read. CVE-2021-46848 + 10_Fix-ETYPE_OK-off-by-one-array-size-check.-Closes-32.patch + + -- Andreas Metzler <ametzler@debian.org> Tue, 01 Nov 2022 11:57:42 +0100 + libtasn1-6 (4.16.0-2) unstable; urgency=low * Upload to unstable. diff -Nru libtasn1-6-4.16.0/debian/patches/10_Fix-ETYPE_OK-off-by-one-array-size-check.-Closes-32.patch libtasn1-6-4.16.0/debian/patches/10_Fix-ETYPE_OK-off-by-one-array-size-check.-Closes-32.patch --- libtasn1-6-4.16.0/debian/patches/10_Fix-ETYPE_OK-off-by-one-array-size-check.-Closes-32.patch 1970-01-01 01:00:00.000000000 +0100 +++ libtasn1-6-4.16.0/debian/patches/10_Fix-ETYPE_OK-off-by-one-array-size-check.-Closes-32.patch 2022-10-30 13:02:08.000000000 +0100 
@@ -0,0 +1,29 @@ +From 44a700d2051a666235748970c2df047ff207aeb5 Mon Sep 17 00:00:00 2001 +From: Simon Josefsson <simon@josefsson.org> +Date: Wed, 17 Aug 2022 12:25:06 +0200 +Subject: [PATCH] Fix ETYPE_OK off by one array size check. Closes: #32. + +Reported by David Trabish in +<https://gitlab.com/gnutls/libtasn1/-/issues/32>. + +Signed-off-by: Simon Josefsson <simon@josefsson.org> +--- + NEWS | 1 + + lib/int.h | 2 +- + 2 files changed, 2 insertions(+), 1 deletion(-) + +--- a/lib/int.h ++++ b/lib/int.h +@@ -95,11 +95,11 @@ + case ASN1_ETYPE_SET_OF + + #define ETYPE_TAG(etype) (_asn1_tags[etype].tag) + #define ETYPE_CLASS(etype) (_asn1_tags[etype].class) + #define ETYPE_OK(etype) (((etype) != ASN1_ETYPE_INVALID && \ +- (etype) <= _asn1_tags_size && \ ++ (etype) < _asn1_tags_size && \ + _asn1_tags[(etype)].desc != NULL)?1:0) + + #define ETYPE_IS_STRING(etype) ((etype == ASN1_ETYPE_GENERALSTRING || \ + etype == ASN1_ETYPE_NUMERIC_STRING || etype == ASN1_ETYPE_IA5_STRING || \ + etype == ASN1_ETYPE_TELETEX_STRING || etype == ASN1_ETYPE_PRINTABLE_STRING || \ diff -Nru libtasn1-6-4.16.0/debian/patches/series libtasn1-6-4.16.0/debian/patches/series --- libtasn1-6-4.16.0/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ libtasn1-6-4.16.0/debian/patches/series 2022-11-01 11:57:42.000000000 +0100 @@ -0,0 +1 @@ +10_Fix-ETYPE_OK-off-by-one-array-size-check.-Closes-32.patch
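Review bot: the changelog entry names the CVE but not the upstream report it fixes; adding the upstream issue reference (gitlab.com/gnutls/libtasn1 issue #32, already cited inside the patch) next to "CVE-2021-46848" lets the stable release team follow the fix without opening the patch file.

Review bot: in the new debian/patches/10_Fix-ETYPE_OK-off-by-one-array-size-check.-Closes-32.patch the git-format-patch diffstat (`NEWS | 1 +`, `2 files changed, 2 insertions(+), 1 deletion(-)`) no longer matches the body, which carries only the lib/int.h hunk; the NEWS hunk was evidently dropped for the backport. quilt ignores the stat block, but a stale one misleads the next reader, so either trim it to `lib/int.h | 2 +-` and `1 file changed, 1 insertion(+), 1 deletion(-)` or add a line under the Signed-off-by saying the NEWS hunk was omitted. A DEP-3 `Origin: upstream, 44a700d2051a666235748970c2df047ff207aeb5` line (the commit id is already in the From header) would also let tooling trace the backport.

Review bot: the `<=` to `<` change in ETYPE_OK in lib/int.h is the correct bound, since `_asn1_tags[_asn1_tags_size]` is one past the end of the table and, with the short-circuit `&&`, the `_asn1_tags[(etype)].desc != NULL` dereference now only happens for an in-range index. Two things the hunk does not show and worth confirming against the full int.h before upload: the type of `etype`, because if it is a signed integer the `<` comparison alone does not reject negative values and a `>= 0` term or an unsigned cast would be needed; and that no caller passes an expression with side effects, because the macro evaluates `etype` four times.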