libtasn1-6 CVE-2021-46848 - DSA?
Andreas Metzler
ametzler at bebt.de
Sun Oct 30 13:52:14 GMT 2022
On 2022-10-30 Salvatore Bonaccorso <carnil at debian.org> wrote:
> On Sat, Oct 29, 2022 at 07:26:43AM +0200, Andreas Metzler wrote:
>> looking at the links on
>> https://security-tracker.debian.org/tracker/CVE-2021-46848 and the notes
>> there ("[buster] - libtasn1-6 <no-dsa> (Minor issue)") I suspect
>> CVE-2021-46848 does not warrant a DSA for bullseye either. If that is
>> the case I will try for a stable update.
> What is your take on it? Affects primarily asn1_encode_simple_der().
Hello,
I do not know, afaict it also affects asn1_decode_simple_der() and
asn1_decode_simple_ber().
> Marking it no-dsa for bullseye and making an update via a point
> release seems ok.
OK, will do.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
More information about the Pkg-gnutls-maint
mailing list