This project is archived. Its data is read-only.

Commit 3c52e364 authored Apr 13, 2015 by Gustavo Zacarias Committed by Thomas Petazzoni Apr 14, 2015

libksba: security bump to version 1.3.3



Fixes (no CVEs assigned yet):

* integer overflow in the DN decoder src/dn.c (append_quoted,
append_atv)

* integer overflow in the BER decoder src/ber-decoder.c (ber_decoder_s)

* denial of service due to stack overflow in src/ber-decoder.c
(push_decoder_state, pop_decoder_state)

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

parent 2c06a807

package/libksba/libksba.hash

+2 −2

Original line number	Diff line number	Diff line
		# From http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000359.html
		sha1 37d0893a587354af2b6e49f6ae701ca84f52da67 libksba-1.3.2.tar.bz2
		# Locally calculated after checking pgp signature
		sha256 0c7f5ffe34d0414f6951d9880a46fcc2985c487f7c36369b9f11ad41131c7786 libksba-1.3.3.tar.bz2

package/libksba/libksba.mk

+1 −1

Original line number	Diff line number	Diff line
		@@ -4,7 +4,7 @@
		#
		################################################################################

		LIBKSBA_VERSION = 1.3.2
		LIBKSBA_VERSION = 1.3.3
		LIBKSBA_SOURCE = libksba-$(LIBKSBA_VERSION).tar.bz2
		LIBKSBA_SITE = ftp://ftp.gnupg.org/gcrypt/libksba
		LIBKSBA_LICENSE = LGPLv3+ or GPLv2+ (library, headers), GPLv3+ (manual, tests, build system)