Your message dated Thu, 29 Jan 2026 18:48:50 +0000
with message-id <[email protected]>
and subject line Bug#1125753: fixed in pyasn1 0.6.1-1+deb13u1
has caused the Debian Bug report #1125753,
regarding pyasn1: CVE-2026-23490
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1125753: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125753
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: pyasn1
Version: 0.6.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for pyasn1.

CVE-2026-23490[0]:
| pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a
| Denial-of-Service issue has been found that leads to memory
| exhaustion from malformed RELATIVE-OID with excessive continuation
| octets. This vulnerability is fixed in 0.6.2.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-23490
    https://www.cve.org/CVERecord?id=CVE-2026-23490
[1] https://github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq
[2] https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: pyasn1
Source-Version: 0.6.1-1+deb13u1
Done: Salvatore Bonaccorso <[email protected]>

We believe that the bug you reported is fixed in the latest version of
pyasn1, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated pyasn1 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 19 Jan 2026 20:21:45 +0100
Source: pyasn1
Architecture: source
Version: 0.6.1-1+deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: Debian Python Team <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 1125753
Changes:
 pyasn1 (0.6.1-1+deb13u1) trixie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490)
     (Closes: #1125753)



--- End Message ---
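
Added example (not part of the original messages, and not pyasn1's own code): a small decoder for RELATIVE-OID content octets that caps the number of continuation octets per arc, the kind of limit the changelog entry above refers to. The function names, the cap of 20 and the sample byte strings are assumptions constructed for illustration.

```python
# Added example: bounded decoding of RELATIVE-OID content octets (X.690 base-128 arcs).
# MAX_CONTINUATION_OCTETS is an assumed cap, not a value taken from the pyasn1 patch.
MAX_CONTINUATION_OCTETS = 20


class ArcError(ValueError):
    """Malformed or oversized sub-identifier."""


def decode_relative_oid(content, max_cont=MAX_CONTINUATION_OCTETS):
    """Return the arcs encoded in `content` (value octets only, no tag/length)."""
    arcs, value, cont = [], 0, 0
    for octet in content:
        if cont == 0 and octet == 0x80:
            # X.690 forbids a sub-identifier that starts with 0x80 (padding).
            raise ArcError("sub-identifier starts with 0x80")
        if octet & 0x80:
            cont += 1
            if cont > max_cont:
                # Stop before the integer grows with input-controlled length.
                raise ArcError("too many continuation octets in one arc")
            value = (value << 7) | (octet & 0x7F)
        else:
            arcs.append((value << 7) | octet)
            value, cont = 0, 0
    if cont:
        raise ArcError("input ends inside a sub-identifier")
    return tuple(arcs)


def rejects(content):
    """True when the decoder refuses `content`."""
    try:
        decode_relative_oid(content)
    except ArcError:
        return True
    return False


if __name__ == "__main__":
    # Constructed samples: a well-formed value and an oversized single arc.
    print(decode_relative_oid(bytes.fromhex("c27b0302")))   # (8571, 3, 2)
    print(rejects(b"\x81" * 100000 + b"\x01"))                # True
```

The oversized sample is refused after 21 octets have been read, so the work done on a malformed value no longer scales with its length.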
