Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#17429 closed enhancement (fixed)

libksba-1.6.3

Reported by: Bruce Dubbs
Owned by: pierre
Priority: high
Milestone: 11.3
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New point version.

Change History (8)

comment:1 by Douglas R. Reno, 2 years ago

Priority: normal → high

An additional remote code execution bug has been discovered due to an issue related to CVE-2022-3515.

https://dev.gnupg.org/T6284

This is due to another integer overflow. Not sure if an updated CVE will be assigned, but this needs to be treated with the same response as the prior libksba update. See https://gnupg.org/blog/20221017-pepe-left-the-ksba.html

comment:2 by Douglas R. Reno, 2 years ago

Owner: changed from blfs-book to Douglas R. Reno
Status: new → assigned

comment:3 by pierre, 2 years ago

Owner: changed from Douglas R. Reno to pierre
Status: assigned → new

comment:4 by pierre, 2 years ago

Status: new → assigned

comment:5 by pierre, 2 years ago

Update committed at 25bc5c808a65d2. SA pending

comment:6 by pierre, 2 years ago

SA at commit 3816001 in the www repo.

comment:7 by pierre, 2 years ago

Resolution: fixed
Status: assigned → closed

comment:8 by pierre, 2 years ago

There is a CVE assigned: CVE-2022-47629.

Here are the release notes:

Noteworthy changes in version 1.6.3 (2022-12-06)

Fix another integer overflow in the CRL parser.
