SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libksba-debugsource-1.3.5-150000.4.6.1.x86_64.rpm :

* Tue Jan 03 2023 pmonrealAATTsuse.com- Security fix: [bsc#1206579, CVE-2022-47629]
* Integer overflow in the CRL signature parser.
* Add libksba-CVE-2022-47629.patch
* Mon Oct 17 2022 pmonrealAATTsuse.com- Security fix: [bsc#1204357, CVE-2022-3515]
* Detect a possible overflow directly in the TLV parser.
* Add libksba-CVE-2022-3515.patch
* Thu Feb 22 2018 fvogtAATTsuse.com- Use %license (boo#1082318)
* Mon Aug 22 2016 astiegerAATTsuse.com- libksba 1.3.5:
* Limit the allowed size of complex ASN.1 objects (e.g. certificates) to 16MiB.
* Avoid read access to unitialized memory.
* Improve detection of invalid RDNs.
* Encode the OCSP nonce value as an octet string as described by RFC-6960.
* Tue May 10 2016 astiegerAATTsuse.com- libksba 1.3.4:
* Fixed two OOB read access bugs which could be used to force a DoS. boo#979261 CVE-2016-4574, CVE-2016-4579
* Fixed a crash due to faulty curve OID lookup code.
* Synced the list of supported curves with those of Libgcrypt.
* New configure option --enable-build-timestamp; a build timestamp is not anymore used by default.
* Fri Apr 10 2015 astiegerAATTsuse.com- libksba 1.3.3:
* Fixed an integer overflow in the DN decoder.
* Now returns an error instead of terminating the process for certain bad BER encodings.
* Improved the parsing of utf-8 strings in DNs.
* Allow building with newer versions of Bison.
* Thu Mar 19 2015 astiegerAATTsuse.com- remove libtool requirement
* Wed Nov 26 2014 andreas.stiegerAATTgmx.de- libksba 1.3.2 [boo#907074] [CVE-2014-9087] This version contains a security update which fixes a buffer overflow in OID to string conversion code that can be triggered by a specially crafted S/MIME message or ECC based OpenPGP data. Users of GnuPG 2.x should install this version and restart the dirmgr process.
* Fixed a buffer overflow in ksba_oid_to_str.- verify source signature
* Sun Sep 21 2014 andreas.stiegerAATTgmx.de- libksba 1.3.1:
* Fixed memory leak in CRL parsing
* Build fixes for ppc64el
* Tue Nov 27 2012 meissnerAATTsuse.com- Use URL for source
  
ICM