Your message dated Sat, 10 Jan 2026 06:48:40 +0000
with message-id <[email protected]>
and subject line Bug#1125063: fixed in libtasn1-6 4.21.0-1
has caused the Debian Bug report #1125063,
regarding libtasn1-6: CVE-2025-13151
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1125063: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125063
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libtasn1-6
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerability was published for libtasn1-6.

CVE-2025-13151[0]:
| Stack-based buffer overflow in libtasn1 version: v4.20.0. The
| function fails to validate the size of input data resulting in a
| buffer overflow in asn1_expand_octet_string.

Patch isn't merged yet:
https://gitlab.com/gnutls/libtasn1/-/merge_requests/121


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-13151
    https://www.cve.org/CVERecord?id=CVE-2025-13151

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: libtasn1-6
Source-Version: 4.21.0-1
Done: Andreas Metzler <[email protected]>

We believe that the bug you reported is fixed in the latest version of
libtasn1-6, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Metzler <[email protected]> (supplier of updated libtasn1-6 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 10 Jan 2026 07:31:06 +0100
Source: libtasn1-6
Architecture: source
Version: 4.21.0-1
Distribution: experimental
Urgency: medium
Maintainer: Debian GnuTLS Maintainers <[email protected]>
Changed-By: Andreas Metzler <[email protected]>
Closes: 1125063
Changes:
 libtasn1-6 (4.21.0-1) experimental; urgency=medium
 .
   * Update upstream signing key.
     (Refreshed A3CC9C870B9D310ABAD4CF2F51722B08FE4745A2 with WKD)
   * New upstream version.
     + Fixes CVE-2025-13151 (Stack-based buffer overflow in
       asn1_expand_octet_string function). Closes: #1125063
     + Update debian/copyright.
   * [lintian] Drop Rules-Requires-Root: no
   * [lintian] Drop Priority: optional
   * Standards-Version: 4.7.3

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



--- End Message ---
