Your message dated Mon, 19 Jan 2026 10:07:57 +0000
with message-id <[email protected]>
and subject line Bug#1125753: fixed in pyasn1 0.6.2-1
has caused the Debian Bug report #1125753,
regarding pyasn1: CVE-2026-23490
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1125753: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125753
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: pyasn1
Version: 0.6.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,

The following vulnerability was published for pyasn1.

CVE-2026-23490[0]:
| pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a
| Denial-of-Service issue has been found that leads to memory
| exhaustion from malformed RELATIVE-OID with excessive continuation
| octets. This vulnerability is fixed in 0.6.2.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-23490
    https://www.cve.org/CVERecord?id=CVE-2026-23490
[1] https://github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq
[2] https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
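The kind of check the CVE description and the 0.6.2 changelog entry refer to, as an added example that is not part of the report and is not pyasn1's code: a decoder for RELATIVE-OID content octets that caps the continuation octets accepted per arc. The names `decode_relative_oid`, `ArcError` and the cap of 8 are assumptions chosen for illustration.

```python
"""Bounded decoding of RELATIVE-OID content octets (X.690 base-128 arcs)."""

# Assumed cap for illustration; not the value used by pyasn1.
MAX_CONTINUATION_OCTETS = 8


class ArcError(ValueError):
    """Content octets are malformed or exceed the continuation cap."""


def decode_relative_oid(content: bytes, max_cont: int = MAX_CONTINUATION_OCTETS):
    """Return the arcs as a tuple of ints, rejecting over-long arcs early."""
    arcs = []
    value = 0
    cont = 0        # continuation octets (high bit set) seen in this arc
    in_arc = False
    for octet in content:
        if not in_arc and octet == 0x80:
            # A leading 0x80 only pads the arc with zero bits (non-minimal).
            raise ArcError("non-minimal arc encoding (leading 0x80)")
        if octet & 0x80:
            cont += 1
            if cont > max_cont:
                # Stop before the integer can grow with attacker-sized input.
                raise ArcError(f"more than {max_cont} continuation octets in one arc")
            in_arc = True
            value = (value << 7) | (octet & 0x7F)
        else:
            arcs.append((value << 7) | octet)
            value, cont, in_arc = 0, 0, False
    if in_arc:
        raise ArcError("truncated arc: input ends on a continuation octet")
    return tuple(arcs)


if __name__ == "__main__":
    # Constructed samples: a valid value and a malformed run of continuations.
    print(decode_relative_oid(bytes.fromhex("c27b0302")))
    try:
        decode_relative_oid(b"\x81" * 64 + b"\x01")
    except ArcError as exc:
        print("rejected:", exc)
```

With the cap at 8, a single arc is limited to 63 bits, so the work and memory per arc stay constant regardless of input length.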
--- Begin Message ---
Source: pyasn1
Source-Version: 0.6.2-1
Done: Alexandre Detiste <[email protected]>
We believe that the bug you reported is fixed in the latest version of
pyasn1, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alexandre Detiste <[email protected]> (supplier of updated pyasn1 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 19 Jan 2026 10:34:26 +0100
Source: pyasn1
Architecture: source
Version: 0.6.2-1
Distribution: unstable
Urgency: high
Maintainer: Debian Python Team <[email protected]>
Changed-By: Alexandre Detiste <[email protected]>
Closes: 1125753
Changes:
 pyasn1 (0.6.2-1) unstable; urgency=high
 .
   * Team upload.
   * New upstream version 0.6.2
   * Fixed continuation octet limits in OID/RELATIVE-OID decoder
     CVE-2026-23490 (Closes: #1125753)
   * Drop "Rules-Requires-Root: no": it is the default now
   * Bump Standards-Version to 4.7.3, drop Priority: tag
   * Rewrite d/watch in v5 format
   * Add debian/salsa-ci.yml
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---