lp://staging/ubuntu/precise-security/libtasn1-3

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp://staging/ubuntu/precise-security/libtasn1-3

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

24. By Marc Deslauriers

* SECURITY UPDATE: infinite loop via malformed DER cert
  - debian/patches/CVE-2016-4008-1.patch: catch invalid input cases early
    in lib/decoding.c.
  - debian/patches/CVE-2016-4008-2.patch: properly account bytes read in
    lib/decoding.c.
  - CVE-2016-4008

23. By Marc Deslauriers

* SECURITY UPDATE: denial of service and possible code execution via
  overflow in _asn1_extract_der_octet.
  - debian/patches/CVE-2015-3622.patch: properly handle length in
    lib/decoding.c.
  - CVE-2015-3622

22. By Marc Deslauriers

* SECURITY UPDATE: denial of service and possible code execution via
  overflow in _asn1_ltostr
  - debian/patches/CVE-2015-2806.patch: introduce LTOSTR_MAX_SIZE and use
    in lib/coding.c, lib/decoding.c, lib/element.c, lib/parser_aux.c,
    lib/parser_aux.h.
  - CVE-2015-2806

21. By Marc Deslauriers

* SECURITY UPDATE: denial of service and possible code execution via
  invalid ASN.1 data
  - debian/patches/CVE-2014-3467-3468.patch: properly calculate lengths
    in lib/decoding.c.
  - CVE-2014-3467
  - CVE-2014-3468
* SECURITY UPDATE: denial of service via NULL value
  - debian/patches/CVE-2014-3469.patch: check for NULLs in lib/element.c.
  - CVE-2014-3469

20. By Marc Deslauriers

* SECURITY UPDATE: denial of service and possible code execution via
  certain large length values.
  - debian/patches/CVE-2012-1569.diff: return an error when the decoded
    length value plus @len would exceed @der_len in lib/decoding.c.
  - CVE-2012-1569

19. By Martin Pitt

debian/rules: Disable compression of NEWS file for now to unbreak
upgrades. Debugging the underlying gzip bug is quite hard and will take
more time than a few hours. (LP: #889303)

18. By Martin Pitt

No-change rebuild to (hopefully) fix unreproducible broken NEWS.gz on
amd64. (LP: #889303)

17. By Andreas Metzler

[Simon Josefsson]
* Fix Debian BTS URL in --with-packager-bug-reports option.

[Andreas Metzler]
* New upstream Version. (Includes workaround for #639818)
* Point watchfile to ftp.gnu.org instead of ftp.gnutls.org.
* [debian/control] Drop priority and section from libtasn1-3 binary package
  stanza.
* Update debian/copyright.

16. By Andreas Metzler

* Merge from Ubuntu (build for multiarch):
  + configure with --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH), update
    *.install accordingly.
  + Bump cdbs Build-Depends to 0.4.93 (required for expanding
    $(DEB_HOST_MULTIARCH)).
  + Bump debhelper b-d to 8.1.3 (for ${misc:Pre-Depends}).
  + runtime library is Multi-Arch: same and has Pre-Depends:
    ${misc:Pre-Depends}, -bin (helper binaries)
    is Multi-Arch: foreign. -dev is unchanged.
* Diverge from the Ubuntu patch by not setting Multi-Arch: same on
  -dbg package. It contains debugging symbols for both library and helper
  binaries (e.g. /usr/lib/debug/usr/bin/asn1Decoding) and is therefore not
  co-installable with itself.

15. By Steve Langasek

* Merge from Debian unstable, remaining changes:
  - build for multiarch.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp://staging/ubuntu/quantal/libtasn1-3
This branch contains Public information 
Everyone can see this information.