Created by Ubuntu Package Importer on 2012-05-05 and last modified on 2016-04-26
Get this branch:
bzr branch lp:ubuntu/precise-security/libtasn1-3
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

24. By Marc Deslauriers on 2016-04-26

* SECURITY UPDATE: infinite loop via malformed DER cert
  - debian/patches/CVE-2016-4008-1.patch: catch invalid input cases early
    in lib/decoding.c.
  - debian/patches/CVE-2016-4008-2.patch: properly account bytes read in
  - CVE-2016-4008

23. By Marc Deslauriers on 2015-05-01

* SECURITY UPDATE: denial of service and possible code execution via
  overflow in _asn1_extract_der_octet.
  - debian/patches/CVE-2015-3622.patch: properly handle length in
  - CVE-2015-3622

22. By Marc Deslauriers on 2015-04-02

* SECURITY UPDATE: denial of service and possible code execution via
  overflow in _asn1_ltostr
  - debian/patches/CVE-2015-2806.patch: introduce LTOSTR_MAX_SIZE and use
    in lib/coding.c, lib/decoding.c, lib/element.c, lib/parser_aux.c,
  - CVE-2015-2806

21. By Marc Deslauriers on 2014-07-18

* SECURITY UPDATE: denial of service and possible code execution via
  invalid ASN.1 data
  - debian/patches/CVE-2014-3467-3468.patch: properly calculate lengths
    in lib/decoding.c.
  - CVE-2014-3467
  - CVE-2014-3468
* SECURITY UPDATE: denial of service via NULL value
  - debian/patches/CVE-2014-3469.patch: check for NULLs in lib/element.c.
  - CVE-2014-3469

20. By Marc Deslauriers on 2012-04-24

* SECURITY UPDATE: denial of service and possible code execution via
  certain large length values.
  - debian/patches/CVE-2012-1569.diff: return an error when the decoded
    length value plus @len would exceed @der_len in lib/decoding.c.
  - CVE-2012-1569

19. By Martin Pitt on 2011-11-14

debian/rules: Disable compression of NEWS file for now to unbreak
upgrades. Debugging the underlying gzip bug is quite hard and will take
more time than a few hours. (LP: #889303)

18. By Martin Pitt on 2011-11-14

No-change rebuild to (hopefully) fix unreproducible broken NEWS.gz on
amd64. (LP: #889303)

17. By Andreas Metzler <email address hidden> on 2011-10-31

[Simon Josefsson]
* Fix Debian BTS URL in --with-packager-bug-reports option.

[Andreas Metzler]
* New upstream Version. (Includes workaround for #639818)
* Point watchfile to ftp.gnu.org instead of ftp.gnutls.org.
* [debian/control] Drop priority and section from libtasn1-3 binary package
* Update debian/copyright.

16. By Andreas Metzler <email address hidden> on 2011-06-18

* Merge from Ubuntu (build for multiarch):
  + configure with --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH), update
    *.install accordingly.
  + Bump cdbs Build-Depends to 0.4.93 (required for expanding
  + Bump debhelper b-d to 8.1.3 (for ${misc:Pre-Depends}).
  + runtime library is Multi-Arch: same and has Pre-Depends:
    ${misc:Pre-Depends}, -bin (helper binaries)
    is Multi-Arch: foreign. -dev is unchanged.
 * Diverge from the Ubuntu patch by not settting Multi-Arch: same on
   -dbg package. It contains debugging symbols for both library and helper
   binaries ( e.g. /usr/lib/debug/usr/bin/asn1Decoding) and is therefore not
   co-installable with itself.

15. By Steve Langasek on 2011-05-20

* Merge from Debian unstable, remaining changes:
  - build for multiarch.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.