From 66a67b0c8972debd572096a47f4d055ec0569b4e8235c39e776674276f2b58b5 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Fri, 26 Jan 2018 12:35:01 +0000 Subject: [PATCH] Accepting request 568531 from Base:System Added CVE reference (forwarded request 568530 from kbabioch) OBS-URL: https://build.opensuse.org/request/show/568531 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libtasn1?expand=0&rev=43 --- libtasn1-4.12.tar.gz | 3 --- libtasn1-4.12.tar.gz.sig | 11 ----------- libtasn1-4.13.tar.gz | 3 +++ libtasn1-4.13.tar.gz.sig | 11 +++++++++++ libtasn1.changes | 8 ++++++++ libtasn1.spec | 4 ++-- 6 files changed, 24 insertions(+), 16 deletions(-) delete mode 100644 libtasn1-4.12.tar.gz delete mode 100644 libtasn1-4.12.tar.gz.sig create mode 100644 libtasn1-4.13.tar.gz create mode 100644 libtasn1-4.13.tar.gz.sig diff --git a/libtasn1-4.12.tar.gz b/libtasn1-4.12.tar.gz deleted file mode 100644 index d7f6b71..0000000 --- a/libtasn1-4.12.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:6753da2e621257f33f5b051cc114d417e5206a0818fe0b1ecfd6153f70934753 -size 1888450 diff --git a/libtasn1-4.12.tar.gz.sig b/libtasn1-4.12.tar.gz.sig deleted file mode 100644 index 9fcf5f2..0000000 --- a/libtasn1-4.12.tar.gz.sig +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCAAdFiEEqBLL/fzcTQvnoJMSnV6q9pATuEIFAlkrpskACgkQnV6q9pAT -uEJUDAgAvuyk8OiDjuaZGAgNo1ggReWsgAjjW/rPnkdKEdjjz4jJtx/fh6OTgJeq -zJXy4VhtQyFOLL4MHqshqKij69Cj5sCbIMGkfoLhkz8YnWD4hM3qe7p3LfeupZFH -Wje3nwtsqY4gnwePeKeZBSv8zRlVEgGQH/wN+fikJDi8+Zt+DWWEdXEm8/ry1P1e -xLjRSHxqQpcpI4IGu2rFbV+0TgOxRfU75pswie9JU3FsNrmQvX7VXPEK+zbUGkDx -nM+h3Yb3TQ2jTkDAohYdir3vNEO7cYg42E3tGrx4q1s0f8PAhrSSk+gv/6qorphR -Oq0AUB3eH6vjBVTGvO3wtP/MUfYJ4g== -=4+2H ------END PGP SIGNATURE----- diff --git a/libtasn1-4.13.tar.gz b/libtasn1-4.13.tar.gz new file mode 100644 index 0000000..ab443c5 --- /dev/null +++ b/libtasn1-4.13.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7e528e8c317ddd156230c4e31d082cd13e7ddeb7a54824be82632209550c8cca +size 1891703 diff --git a/libtasn1-4.13.tar.gz.sig b/libtasn1-4.13.tar.gz.sig new file mode 100644 index 0000000..006d806 --- /dev/null +++ b/libtasn1-4.13.tar.gz.sig @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCAAdFiEEqBLL/fzcTQvnoJMSnV6q9pATuEIFAlpeOtEACgkQnV6q9pAT +uEIWNAf/YnmT4u3ShAfhUKE4sIap+8ivG5AxCPw1Rwgwc8qcS2VKOVeiwYTWmt9t +g5CDrVu27DTPbCkdS7sTKrHQT3Pjc2DRJWHJbaHr5J717sNp50XWWXjNyZGrmyN4 +ais1d7no0GMXRsR6SUOFi+M52Q/vWhhYz4gaDAV9XSOqbJ6MPiw4BhjqyVSQ4lwD +Lfn4upk+1JFjzCpVft7iXrx1P4RXvFJC1sBYpUJAbdm9y0rO5jGiY7EHokDNq1rT +71hBWUclo37GsJnF65CRD1Mb5/wdZxm2wvEL/SFlHKqnY/uB3y4u7il91fi9zrwY +mDmVimu7E563pqum16000pybZIEmFw== +=LTAv +-----END PGP SIGNATURE----- diff --git a/libtasn1.changes b/libtasn1.changes index 8c64ca4..a2ab151 100644 --- a/libtasn1.changes +++ b/libtasn1.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Fri Jan 19 16:03:20 UTC 2018 - kbabioch@suse.com + +- update to 4.13 + * On indefinite string decoding, set a maximum level of allowed + recursions (3) to protect the BER decoder from a stack exhaustion. + (CVE-2018-6003 boo#1076832) + ------------------------------------------------------------------- Sun Jun 4 19:41:21 UTC 2017 - astieger@suse.com diff --git a/libtasn1.spec b/libtasn1.spec index 1900df9..32a70a0 100644 --- a/libtasn1.spec +++ b/libtasn1.spec @@ -1,7 +1,7 @@ # # spec file for package libtasn1 # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ %define somajor 6 Name: libtasn1 -Version: 4.12 +Version: 4.13 Release: 0 Summary: ASN.1 parsing library License: LGPL-2.1+ and GPL-3.0