Bug#1095406: libtasn1-6: CVE-2024-12133
Moritz Mühlenhoff
jmm at inutil.org
Sat Feb 8 15:42:47 GMT 2025
On Sat, Feb 08, 2025 at 01:36:39PM +0100, Andreas Metzler wrote:
> Control: found -1 4.19.0-1
>
> On 2025-02-07 Salvatore Bonaccorso <carnil at debian.org> wrote:
> [...]
> > CVE-2024-12133[0]:
> > | Potential DoS in handling of numerous SEQUENCE OF or SET OF elements
>
>
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> > For further information see:
>
> > [0] https://security-tracker.debian.org/tracker/CVE-2024-12133
> > https://www.cve.org/CVERecord?id=CVE-2024-12133
> > [1] https://gitlab.com/gnutls/libtasn1/-/issues/52
> > [2] https://lists.gnu.org/archive/html/help-libtasn1/2025-02/msg00001.html
> > [3] https://gitlab.com/gnutls/libtasn1/-/commit/4082ca2220b5ba910b546afddf7780fc4a51f75a
> > [4] https://gitlab.com/gnutls/libtasn1/-/commit/869a97aa259dffa2620dabcad84e1c22545ffc3d
> [...]
>
> Hello Salvatore,
>
> This seems to be straightforward to fix by applying the two patches. The
> certtool test on the upstream bug report showed the expected speedup
> with 4.19.0 + the 2 patches.

Hi Andreas,

looks good, thanks! Please build with -sa and upload to security-master.

Cheers,
Moritz