Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 29 Mar 2015 14:05:04 +0200
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Fw: GNU Libtasn1 4.4 released ( fixes stack overflow in
 asn1_der_decoding)

Can I get a CVE for this?

This is the git commit
http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=4d4f992826a4962790ecd0cce6fbba4a415ce149



Begin forwarded message:

Date: Sun, 29 Mar 2015 12:04:05 +0200
From: Nikos Mavrogiannopoulos <nmav@...tls.org>
To: help-libtasn1@....org
Subject: GNU Libtasn1 4.4 released


GNU Libtasn1 is a standalone library written in C for manipulating ASN.1
objects including DER/BER encoding/decoding.  GNU Libtasn1 is used by
GnuTLS to handle X.509 structures and by GNU Shishi to handle Kerberos
V5 structures.

* Noteworthy changes in release 4.4 (released 2015-03-29) [stable]
- Corrected a two-byte stack overflow in asn1_der_decoding. Reported
  by Hanno Böck.


Homepage:
  https://www.gnu.org/software/libtasn1/

Here are the compressed sources:
  ftp://ftp.gnu.org/gnu/libtasn1/libtasn1-4.4.tar.gz
  http://ftp.gnu.org/gnu/libtasn1/libtasn1-4.4.tar.gz

Here are GPG detached signatures:
  ftp://ftp.gnu.org/gnu/libtasn1/libtasn1-4.4.tar.gz.sig
  http://ftp.gnu.org/gnu/libtasn1/libtasn1-4.4.tar.gz.sig

If you need help to use Libtasn1, or want to help others, you are
invited to join the help-libtasn1 mailing list, see:
  https://lists.gnu.org/mailman/listinfo/help-libtasn1

All manuals are available from:
  https://www.gnu.org/software/libtasn1/manual/

Direct links to the manual:
  HTML: https://www.gnu.org/software/libtasn1/manual/libtasn1.html
  PDF: https://www.gnu.org/software/libtasn1/manual/libtasn1.pdf

Direct links to the API Reference manual:
  HTML: https://www.gnu.org/software/libtasn1/reference/
  PDF: https://www.gnu.org/software/libtasn1/reference/libtasn1.pdf

The software is cryptographically signed by the author using an
OpenPGP key identified by the following information:

pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid                  Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
gmail.com>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos





-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ