On Sat, Feb 08, 2025 at 01:36:39PM +0100, Andreas Metzler wrote: > Control: found -1 4.19.0-1 > > On 2025-02-07 Salvatore Bonaccorso <car...@debian.org> wrote: > [...] > > CVE-2024-12133[0]: > > | Potential DoS in handling of numerous SEQUENCE OF or SET OF elements > > > > If you fix the vulnerability please also make sure to include the > > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > > For further information see: > > > [0] https://security-tracker.debian.org/tracker/CVE-2024-12133 > > https://www.cve.org/CVERecord?id=CVE-2024-12133 > > [1] https://gitlab.com/gnutls/libtasn1/-/issues/52 > > [2] https://lists.gnu.org/archive/html/help-libtasn1/2025-02/msg00001.html > > [3] > > https://gitlab.com/gnutls/libtasn1/-/commit/4082ca2220b5ba910b546afddf7780fc4a51f75a > > [4] > > https://gitlab.com/gnutls/libtasn1/-/commit/869a97aa259dffa2620dabcad84e1c22545ffc3d > [...] > > Hello Salvatore, > > This seems to be straightforward to fix by applying the two patches. The > certtool test on the upstream bug report showed the expected speedup > with 4.19.0 + the 2 patches.
Hi Andreas, looks good, thanks! Please build with -sa and upload to security-master. Cheers, Moritz