Bug#1095406: libtasn1-6: CVE-2024-12133

Andreas Metzler ametzler at bebt.de
Sat Feb 8 12:36:39 GMT 2025


Control: found -1 4.19.0-1

On 2025-02-07 Salvatore Bonaccorso <carnil at debian.org> wrote:
[...]
> CVE-2024-12133[0]:
> | Potential DoS in handling of numerous SEQUENCE OF or SET OF elements


> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

> For further information see:

> [0] https://security-tracker.debian.org/tracker/CVE-2024-12133
>     https://www.cve.org/CVERecord?id=CVE-2024-12133
> [1] https://gitlab.com/gnutls/libtasn1/-/issues/52
> [2] https://lists.gnu.org/archive/html/help-libtasn1/2025-02/msg00001.html
> [3] https://gitlab.com/gnutls/libtasn1/-/commit/4082ca2220b5ba910b546afddf7780fc4a51f75a
> [4] https://gitlab.com/gnutls/libtasn1/-/commit/869a97aa259dffa2620dabcad84e1c22545ffc3d
[...]

Hello Salvatore,

This seems to be straightforward to fix by applying the two patches. The
certtool test on the upstream bug report showed the expected speedup
with 4.19.0 + the 2 patches.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 4.19.0-2+deb12u1.deb.diff
Type: text/x-diff
Size: 10276 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnutls-maint/attachments/20250208/114481a7/attachment-0001.diff>