lp://staging/ubuntu/precise-security/libtasn1-3
- Get this branch:
- bzr branch lp://staging/ubuntu/precise-security/libtasn1-3
Recent revisions
- 24. By Marc Deslauriers
* SECURITY UPDATE: infinite loop via malformed DER cert
- debian/patches/CVE-2016-4008-1.patch: catch invalid input cases early
in lib/decoding.c.
- debian/patches/CVE-2016-4008-2.patch: properly account bytes read in
lib/decoding.c.
- CVE-2016-4008

- 23. By Marc Deslauriers
* SECURITY UPDATE: denial of service and possible code execution via
overflow in _asn1_extract_der_octet.
- debian/patches/CVE-2015-3622.patch: properly handle length in
lib/decoding.c.
- CVE-2015-3622

- 22. By Marc Deslauriers
* SECURITY UPDATE: denial of service and possible code execution via
overflow in _asn1_ltostr
- debian/patches/CVE-2015-2806.patch: introduce LTOSTR_MAX_SIZE and use
in lib/coding.c, lib/decoding.c, lib/element.c, lib/parser_aux.c,
lib/parser_aux.h.
- CVE-2015-2806

- 21. By Marc Deslauriers
* SECURITY UPDATE: denial of service and possible code execution via
invalid ASN.1 data
- debian/patches/CVE-2014-3467-3468.patch: properly calculate lengths
in lib/decoding.c.
- CVE-2014-3467
- CVE-2014-3468
* SECURITY UPDATE: denial of service via NULL value
- debian/patches/CVE-2014-3469.patch: check for NULLs in lib/element.c.
- CVE-2014-3469

- 20. By Marc Deslauriers
* SECURITY UPDATE: denial of service and possible code execution via
certain large length values.
- debian/patches/CVE-2012-1569.diff: return an error when the decoded
length value plus @len would exceed @der_len in lib/decoding.c.
- CVE-2012-1569

- 19. By Martin Pitt
debian/rules: Disable compression of NEWS file for now to unbreak
upgrades. Debugging the underlying gzip bug is quite hard and will take
more time than a few hours. (LP: #889303)

- 18. By Martin Pitt
No-change rebuild to (hopefully) fix unreproducible broken NEWS.gz on
amd64. (LP: #889303)

- 17. By Andreas Metzler <email address hidden>
[Simon Josefsson]
* Fix Debian BTS URL in --with-packager-bug-reports option.
[Andreas Metzler]
* New upstream Version. (Includes workaround for #639818)
* Point watchfile to ftp.gnu.org instead of ftp.gnutls.org.
* [debian/control] Drop priority and section from libtasn1-3 binary package
stanza.
* Update debian/copyright.

- 16. By Andreas Metzler <email address hidden>
* Merge from Ubuntu (build for multiarch):
+ configure with --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH), update
*.install accordingly.
+ Bump cdbs Build-Depends to 0.4.93 (required for expanding
$(DEB_HOST_MULTIARCH)).
+ Bump debhelper b-d to 8.1.3 (for ${misc:Pre-Depends}).
+ runtime library is Multi-Arch: same and has Pre-Depends:
${misc:Pre-Depends}, -bin (helper binaries)
is Multi-Arch: foreign. -dev is unchanged.
* Diverge from the Ubuntu patch by not setting Multi-Arch: same on
-dbg package. It contains debugging symbols for both library and helper
binaries (e.g. /usr/lib/debug/usr/bin/asn1Decoding) and is therefore not
co-installable with itself.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://staging/ubuntu/quantal/libtasn1-3