A CVE has been assigned for a security issue fixed in libtasn1 4.8:
http://openwall.com/lists/oss-security/2016/04/13/3

Cauldron has been updated. I don't have a link to a patch/commit, but we could just update Mageia 5, as we have updated this package in the past.
Assigning to all packagers collectively, since there is no maintainer for this package.
CC: (none) => marja11
Assignee: bugsquad => pkg-bugs
URL: (none) => http://lwn.net/Vulnerabilities/683994/
Ubuntu has identified the upstream patches:
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4008.html
and issued an advisory for this on May 2:
http://www.ubuntu.com/usn/usn-2957-1/
Done! Adding the upstream patch mentioned in comment 2.
CC: (none) => geiger.david68210
General Testing procedure: https://bugs.mageia.org/show_bug.cgi?id=5128#c10

Advisory:
========================

Updated libtasn1 packages fix security vulnerability:

Pascal Cuoq and Miod Vallat discovered that Libtasn1 incorrectly handled certain malformed DER certificates. A remote attacker could possibly use this issue to cause applications using Libtasn1 to hang, resulting in a denial of service (CVE-2016-4008).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4008
http://www.ubuntu.com/usn/usn-2957-1/
========================

Updated packages in core/updates_testing:
========================
libtasn1_6-4.2-4.1.mga5
libtasn1-tools-4.2-4.1.mga5
libtasn1-devel-4.2-4.1.mga5

from libtasn1-4.2-4.1.mga5.src.rpm
Assignee: pkg-bugs => qa-bugs
Whiteboard: (none) => has_procedure
Tested fine using Claire's test procedure, Mageia 5 i586 and x86_64.
Whiteboard: has_procedure => has_procedure MGA5-32-OK MGA5-64-OK
Validated. Advisory ex Comment 4 uploaded.
Keywords: (none) => validated_update
Whiteboard: has_procedure MGA5-32-OK MGA5-64-OK => has_procedure MGA5-32-OK MGA5-64-OK advisory
CC: (none) => lewyssmith, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0170.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED