[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-6003/libtasn1

Tue Jan 23 20:17:55 UTC 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c98a821f by Salvatore Bonaccorso at 2018-01-23T21:17:10+01:00
Add CVE-2018-6003/libtasn1

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -109,7 +109,11 @@ CVE-2017-1000417 (MatrixSSL version 3.7.2 adopts a collision-prone OID compariso
 CVE-2017-1000416 (axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting ...)
 	TODO: check
 CVE-2018-6003 (An issue was discovered in the _asn1_decode_simple_ber function in ...)
-	TODO: check
+	- libtasn1-6 4.13-2
+	[jessie] - libtasn1-6 <not-affected> (Vulnerable code introduced in 4.3)
+	- libtasn1-3 <not-affected> (Vulnerable code introduced in 4.3)
+	NOTE: Affected function introduced in: http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/lib/decoding.c?id=b12bfa8932f44d1d1c25b4a2e385387a62dfbcc9 (libtasn1_4_3)
+	NOTE: Fixed by: http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97 (libtasn1_4_13)
 CVE-2018-6002 (The Soundy Background Music plugin 3.9 and below for WordPress has ...)
 	TODO: check
 CVE-2018-6001 (The Soundy Audio Playlist plugin 4.6 and below for WordPress has ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c98a821f6f659d3d6b14eab875c7a82f7c9a5fcb

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c98a821f6f659d3d6b14eab875c7a82f7c9a5fcb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180123/4edb7d61/attachment.html>
