libtasn1-6 CVE-2021-46848 - DSA?
Salvatore Bonaccorso
carnil at debian.org
Sun Oct 30 08:03:16 GMT 2022
Hi Andreas,
On Sat, Oct 29, 2022 at 07:26:43AM +0200, Andreas Metzler wrote:
> Hello,
>
> looking at the links on
> https://security-tracker.debian.org/tracker/CVE-2021-46848 and the notes
> there ("[buster] - libtasn1-6 <no-dsa> (Minor issue)") I suspect
> CVE-2021-46848 does not warrant a DSA for bullseye either. If that is
> the case I will try for a stable update.
What is your take on it? Affects primarily asn1_encode_simple_der().
Marking it no-dsa for bullseye and making an update via a point
release seems ok.
Regards,
Salvatore
More information about the Pkg-gnutls-maint
mailing list