#9288: libtasn1-4.12
-------------------------+-----------------------
Reporter: renodr | Owner: bdubbs@…
Type: enhancement | Status: assigned
Priority: normal | Milestone: 8.1
Component: BOOK | Version: SVN
Severity: normal | Resolution:
Keywords: |
-------------------------+-----------------------
Comment (by bdubbs@…):
* Noteworthy changes in release 4.12 (released 2017-05-29) [stable]
- Corrected so-name version
* Noteworthy changes in release 4.11 (released 2017-05-27) [stable]
- Introduced the ASN1_TIME_ENCODING_ERROR error code to indicate
an invalid encoding in the DER time fields.
- Introduced flag ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME. This flag
allows decoding errors in time fields even when in strict DER mode.
That is introduced in order to allow toleration of invalid times in
X.509 certificates (which are common) even though strict DER adherence
is enforced in other fields.
- Added safety check in asn1_find_node(). That prevents a crash
when a very long variable name is provided by the developer.
Note that this to be exploited requires controlling the ASN.1
definitions used by the developer, i.e., the 'name' parameter of
asn1_write_value() or asn1_read_value(). The library is
not designed to protect against malicious manipulation of the
developer assigned variable names. Reported by Jakub Jirasek.
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/9288#comment:2>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
--
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
