Context Navigation

← Previous Ticket
Next Ticket →

#17429 closed enhancement (fixed)

libksba-1.6.3

Reported by:	Bruce Dubbs	Owned by:	pierre
Priority:	high	Milestone:	11.3
Component:	BOOK	Version:	git
Severity:	normal	Keywords:
Cc:

Description

New point version.

Change History (8)

comment:1 by Douglas R. Reno, 3 years ago

Priority:	normal → high

An additional remote code execution bug has been discovered due to a related issue to CVE-2022-3515.

https://dev.gnupg.org/T6284

This is due to another integer overflow. Not sure if an updated CVE will be assigned, but this needs to be treated with the same response as the prior libksba update. See https://gnupg.org/blog/20221017-pepe-left-the-ksba.html

comment:2 by Douglas R. Reno, 3 years ago

Owner:	changed from blfs-book to Douglas R. Reno
Status:	new → assigned

comment:3 by pierre, 3 years ago

Owner:	changed from Douglas R. Reno to pierre
Status:	assigned → new

comment:4 by pierre, 3 years ago

Status:	new → assigned

comment:5 by pierre, 3 years ago

Update committed at 25bc5c808a65d2. SA pending

comment:6 by pierre, 3 years ago

SA at commit 3816001 in the www repo.

comment:7 by pierre, 3 years ago

Resolution:	→ fixed
Status:	assigned → closed

comment:8 by pierre, 3 years ago

There is a CVE assigned: CVE-2022-47629.

Here are the release notes:

Noteworthy changes in version 1.6.3 (2022-12-06)

Fix another integer overflow in the CRL parser.

Note: See TracTickets for help on using tickets.

Download in other formats: