Memory overreads in ASN1 parsing (CVE-2014-3467)

NULL dereferences in ASN1 parsing (CVE-2014-3468, CVE-2014-3469)

Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors (CVE-2015-2806)

Original report says: "This is only in the asn1 definition parser, not in the asn1 parser itself, so the impact is probably minor."

Note: GNU Libtasn1 is used by GnuTLS to handle X.509 structures.

2.7-1+squeeze+3 has been imported and built. The version number should be between UCS 3.1 and UCS 3.2.
Created attachment 7147: 3.1-libtasn1-3.txt

OK: aptitude install '?source-package(^libtasn1-3$)~i'
OK: zless /usr/share/doc/libtasn1-3/changelog.Debian.gz (2.7-1+squeeze1..2.7-1+squeeze3]
OK: CVE-2015-2806 2.7-1+squeeze3
OK: CVE-2014-3467 2.7-1+squeeze+2
OK: CVE-2014-3468 2.7-1+squeeze+2
OK: CVE-2014-3469 2.7-1+squeeze+2
OK: Attachment 7147
OK: repo_stat.py libtasn1-3
  2.7-1+squeeze1 imported on 2012-03-28 14:41:31.774134 (version fixed for repo-ng: squeeze+1 -> squeeze1)
    Included in scope errata3.0-1 for release tag 3.0-0-0 (42866)
  2.7-1+squeeze+3 imported on 2015-09-01 08:22:36.109489
    Included in scope extsec3.1 for release tag 3.1-0-0 (75376)
  2.7-1+squeeze+2 imported on 2014-12-17 18:05:16.809562
    Included in scope errata3.2-4 for release tag 3.2-0-0 (70888)
OK: ucr set version/version=3.2 version/patchlevel=7 ; apt-get -qq update ; apt-cache policy libtasn1-3
      2.7-1.17.201412171926 0
         500 http://univention-repository.knut.univention.de/3.2/maintained/ 3.2-5/i386/ Packages
  *** 2.7-1.13.201509010828 0
         500 http://omar.knut.univention.de/build2/ ucs_3.1-0-extsec3.1/i386/ Packages
         100 /var/lib/dpkg/status
      2.7-1.12.201203281442 0
         500 http://univention-repository.knut.univention.de/3.0/maintained/ 3.0-2/i386/ Packages

Published