Hi Andreas,

On Sat, Feb 08, 2025 at 03:42:47PM +0000, Moritz Mühlenhoff wrote:
> On Sat, Feb 08, 2025 at 01:36:39PM +0100, Andreas Metzler wrote:
> > Control: found -1 4.19.0-1
> >
> > On 2025-02-07 Salvatore Bonaccorso <car...@debian.org> wrote:
> > [...]
> > > CVE-2024-12133[0]:
> > > | Potential DoS in handling of numerous SEQUENCE OF or SET OF elements
> > >
> > > If you fix the vulnerability please also make sure to include the
> > > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> > >
> > > For further information see:
> > >
> > > [0] https://security-tracker.debian.org/tracker/CVE-2024-12133
> > >     https://www.cve.org/CVERecord?id=CVE-2024-12133
> > > [1] https://gitlab.com/gnutls/libtasn1/-/issues/52
> > > [2] https://lists.gnu.org/archive/html/help-libtasn1/2025-02/msg00001.html
> > > [3]
> > > https://gitlab.com/gnutls/libtasn1/-/commit/4082ca2220b5ba910b546afddf7780fc4a51f75a
> > > [4]
> > > https://gitlab.com/gnutls/libtasn1/-/commit/869a97aa259dffa2620dabcad84e1c22545ffc3d
> > [...]
> >
> > Hello Salvatore,
> >
> > This seems to be straightforward to fix by applying the two patches. The
> > certtool test on the upstream bug report showed the expected speedup
> > with 4.19.0 + the 2 patches.
>
> Hi Andreas,
> looks good, thanks! Please build with -sa and upload to security-master.

Do we need as well the related gnutls28 fix?

Regards,
Salvatore