-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 30 May 2016 18:03:02 +0200 Source: libtasn1-3 Binary: libtasn1-3-dev libtasn1-3-dbg libtasn1-3 libtasn1-3-bin Architecture: source i386 Version: 2.13-2+deb7u3 Distribution: wheezy-security Urgency: high Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org> Changed-By: Thorsten Alteholz <debian@alteholz.de> Description: libtasn1-3 - Manage ASN.1 structures (runtime) libtasn1-3-bin - Manage ASN.1 structures (binaries) libtasn1-3-dbg - Manage ASN.1 structures (debugging symbols) libtasn1-3-dev - Manage ASN.1 structures (development) Changes: libtasn1-3 (2.13-2+deb7u3) wheezy-security; urgency=high . * Non-maintainer upload by the Wheezy LTS Team. * CVE-2016-4008: infinite loop while parsing DER certificates The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate. Checksums-Sha1: f319e711317856ea87b298a79493ce421945f9f9 2449 libtasn1-3_2.13-2+deb7u3.dsc 89120584bfedd244dab92df99e955a174c481851 1964659 libtasn1-3_2.13.orig.tar.gz 675c03d801cdb268641b7049cb847d4f0477c51e 12997 libtasn1-3_2.13-2+deb7u3.debian.tar.gz 469b84e6fb889faa46fd6b987caf8593ce60b513 386324 libtasn1-3-dev_2.13-2+deb7u3_i386.deb 5ee72f4fb73f4c0ea3b364dcc25bd8f08d9ad8a6 145974 libtasn1-3-dbg_2.13-2+deb7u3_i386.deb 4223592b48ea54bbc1a03096e9d56d0314d3f746 68652 libtasn1-3_2.13-2+deb7u3_i386.deb 5af5ae19dd34f24c3d1f462b8cc5a8f249047603 52532 libtasn1-3-bin_2.13-2+deb7u3_i386.deb Checksums-Sha256: ca560f91c6285bca3e646e00edd5877b60960db60991f27b7a5870645d120485 2449 libtasn1-3_2.13-2+deb7u3.dsc a56e46483d1d42fe44ba58c9758620844042468d7c2d75f6318cdf3222745a91 1964659 libtasn1-3_2.13.orig.tar.gz a1dd6bcb4571cea300192c7bd29ff5b33d4e53684d29cb6bd2fb4c05f2bf9fe1 12997 libtasn1-3_2.13-2+deb7u3.debian.tar.gz 9af7b6bfd37b940e9e55aa3d6556ff3f914714e5faeb459ebe2e1d9715718ba1 386324 libtasn1-3-dev_2.13-2+deb7u3_i386.deb d2abcfe31fd65d2defb3827d13b2b3d2f35815bf186eb52a4ffe1146ee2108c7 145974 libtasn1-3-dbg_2.13-2+deb7u3_i386.deb 31f263aa5ab3ef608fd15ea7e81bcb0afab0c7bddd557ac917a954f46bd0909a 68652 libtasn1-3_2.13-2+deb7u3_i386.deb f8c786a21361802717269ca3980d3a5314e10628458bfc2a9530274620597609 52532 libtasn1-3-bin_2.13-2+deb7u3_i386.deb Files: 5e080b4638e619c572d6234ad5710363 2449 libs standard libtasn1-3_2.13-2+deb7u3.dsc df27eaddcc46172377e6b907e33ddc83 1964659 libs standard libtasn1-3_2.13.orig.tar.gz 4308f8c9403584121a64b21332650ea7 12997 libs standard libtasn1-3_2.13-2+deb7u3.debian.tar.gz 5be6717026b2b41d342425c8d89a0535 386324 libdevel optional libtasn1-3-dev_2.13-2+deb7u3_i386.deb 821747894d52dbeb80ec6d43d2d56f67 145974 debug extra libtasn1-3-dbg_2.13-2+deb7u3_i386.deb 2247bdd066e7241aefe622186ecfdf85 68652 libs standard libtasn1-3_2.13-2+deb7u3_i386.deb 8bb7ed84424382ba542c3b26db46bab1 52532 devel extra libtasn1-3-bin_2.13-2+deb7u3_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQJ8BAEBCgBmBQJXTIIjXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5 NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hH0CgQAIDFF9kGCzrC0YQEaaERfl3R XS87mmm6k4rc+fIjIlwSWsouVNZmHTtQX2V9azRg20G79XMjDgmzJC/nj+Gg2/xn tY7nWpGf1pNT5rQbSA/vM6N7aMZ7y/24ddt6YmD9b/hg/BkwsKQSX+yKHsTuRKUK f5HF3V3UaYtwu6gI7oczp6AxNubdbgthJ5SqFmXAYAgM3Sl/O+tTQHsneADaW1Z7 9kiZBfgnD44nCcuXgpw6S5DztqbMUQSxLSn1rXkEN9gfnmhGfFSbY7QXwCjRKeOs ec2sh0ID0DlDhs7mnoHXMe5B2fiP8FUyxgdwS4WLvQ4aKhBzuVnd7P/ru8NBTADX hMwIk9g4gXg6fbjkEr9cOtsBWDZud4ZpxHhAhW8GKzkGIOswqjrKuVHa15n7qqYD mp4rcnOcp6Nj6bgs52xtzIa5Feapejkt8qn9XxgO3PuuWAdSECRQ3eRSbmvYSyPv 6J1cJGyqrtNYHWftilDmefhPsdLNRDnXm4l7cPbeMz+FAVsLk+9rOvTTSeG6vyM0 YAxuqeZn8aajRHwzC37wfr+cg7GK6pk9DrTMXdCyV64JyMM585YdcHv6HLl+61aD puK6jBIiczBpih3FBD8U99h1AiA6T67rcKJLK15vYew1XSAbQNTawMA/rQ7qVsvn PhQYoqcX9yzDEDtyptUU =2yrJ -----END PGP SIGNATURE-----