Univention Bugzilla – Bug 52542
p11-kit: Multiple issues (4.4)
Last modified: 2021-01-06 16:53:52 CET
New Debian p11-kit 0.23.3-2+deb9u1 fixes:
This update addresses the following issues:
* integer overflow when allocating memory for arrays or attributes and object identifiers (CVE-2020-29361)
* out-of-bounds read in p11_rpc_buffer_get_byte_array function in rpc-message.c (CVE-2020-29362)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/p11-kit_0.23.3-2.dsc +++ apt/ucs_4.4-0-errata4.4-7/source/p11-kit_0.23.3-2+deb9u1.dsc @@ -1,3 +1,9 @@ +0.23.3-2+deb9u1 [Mon, 04 Jan 2021 00:35:43 +0200] Adrian Bunk <bunk@debian.org>: + + * Non-maintainer upload by the LTS team. + * CVE-2020-29361: Multiple integer overflows. + * CVE-2020-29362: Heap-based buffer over-read. + 0.23.3-2 [Thu, 29 Dec 2016 15:59:00 +0100] Andreas Metzler <ametzler@debian.org>: * Upload to unstable. <http://10.200.17.11/4.4-7/#5118418855229584222>
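Review bot: the two added changelog lines for CVE-2020-29361 and CVE-2020-29362 give only a one-line summary each and name no patch file or upstream commit, so the backported changes cannot be traced from this entry alone. Listing the patch file names or upstream commit references next to each CVE line would let a reviewer confirm that both fixes are actually in the upload. The old side of the diff is the 4.3-0 unmaintained source of 0.23.3-2 while the new side is the 4.4-7 errata source, so it is also worth confirming that 0.23.3-2 is the version currently shipped in 4.4.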
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-7] ab575dacd2 Bug #52542: p11-kit 0.23.3-2+deb9u1
 doc/errata/staging/p11-kit.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

[4.4-7] ac51ddb4f0 Bug #52542: p11-kit 0.23.3-2+deb9u1
 doc/errata/staging/p11-kit.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x859>