Date: Sun, 29 Mar 2015 14:05:04 +0200 From: Hanno Böck <hanno@...eck.de> To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: Fw: GNU Libtasn1 4.4 released ( fixes stack overflow in asn1_der_decoding) Can I get a CVE for this? This is the git commit http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=4d4f992826a4962790ecd0cce6fbba4a415ce149 Begin forwarded message: Date: Sun, 29 Mar 2015 12:04:05 +0200 From: Nikos Mavrogiannopoulos <nmav@...tls.org> To: help-libtasn1@....org Subject: GNU Libtasn1 4.4 released GNU Libtasn1 is a standalone library written in C for manipulating ASN.1 objects including DER/BER encoding/decoding. GNU Libtasn1 is used by GnuTLS to handle X.509 structures and by GNU Shishi to handle Kerberos V5 structures. * Noteworthy changes in release 4.4 (released 2015-03-29) [stable] - Corrected a two-byte stack overflow in asn1_der_decoding. Reported by Hanno Böck. Homepage: https://www.gnu.org/software/libtasn1/ Here are the compressed sources: ftp://ftp.gnu.org/gnu/libtasn1/libtasn1-4.4.tar.gz http://ftp.gnu.org/gnu/libtasn1/libtasn1-4.4.tar.gz Here are GPG detached signatures: ftp://ftp.gnu.org/gnu/libtasn1/libtasn1-4.4.tar.gz.sig http://ftp.gnu.org/gnu/libtasn1/libtasn1-4.4.tar.gz.sig If you need help to use Libtasn1, or want to help others, you are invited to join the help-libtasn1 mailing list, see: https://lists.gnu.org/mailman/listinfo/help-libtasn1 All manuals are available from: https://www.gnu.org/software/libtasn1/manual/ Direct links to the manual: HTML: https://www.gnu.org/software/libtasn1/manual/libtasn1.html PDF: https://www.gnu.org/software/libtasn1/manual/libtasn1.pdf Direct links to the API Reference manual: HTML: https://www.gnu.org/software/libtasn1/reference/ PDF: https://www.gnu.org/software/libtasn1/reference/libtasn1.pdf The software is cryptographically signed by the author using an OpenPGP key identified by the following information: pub 3104R/96865171 2008-05-04 [expires: 2028-04-29] uid Nikos Mavrogiannopoulos <nmav <at> gnutls.org> uid Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at> gmail.com> sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02] sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02] regards, Nikos -- Hanno Böck http://hboeck.de/ mail/jabber: hanno@...eck.de GPG: BBB51E42 Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ