Version in base suite: 4.20.0-2 Base version: libtasn1-6_4.20.0-2 Target version: libtasn1-6_4.20.0-2+deb13u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/libt/libtasn1-6/libtasn1-6_4.20.0-2.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/libt/libtasn1-6/libtasn1-6_4.20.0-2+deb13u1.dsc changelog | 8 ++++ patches/0001-Fix-for-CVE-2025-13151-Buffer-overflow.patch | 26 ++++++++++++++ patches/series | 1 3 files changed, 35 insertions(+) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpdh14m_sb/libtasn1-6_4.20.0-2.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpdh14m_sb/libtasn1-6_4.20.0-2+deb13u1.dsc: no acceptable signature found
diff -Nru libtasn1-6-4.20.0/debian/changelog libtasn1-6-4.20.0/debian/changelog
--- libtasn1-6-4.20.0/debian/changelog 2025-02-14 18:07:38.000000000 +0000
+++ libtasn1-6-4.20.0/debian/changelog 2026-06-17 18:48:52.000000000 +0000
@@ -1,3 +1,11 @@
+libtasn1-6 (4.20.0-2+deb13u1) trixie; urgency=medium
+
+ * Non-maintainer upload.
+ * CVE-2025-13151: Stack-based buffer overflow in asn1_expand_octet_string()
+ (Closes: #1125063)
+
+ -- Adrian Bunk Wed, 17 Jun 2026 21:48:52 +0300
+
 libtasn1-6 (4.20.0-2) unstable; urgency=medium

 * Fix autopkgtest by running ./configure.
diff -Nru libtasn1-6-4.20.0/debian/patches/0001-Fix-for-CVE-2025-13151-Buffer-overflow.patch libtasn1-6-4.20.0/debian/patches/0001-Fix-for-CVE-2025-13151-Buffer-overflow.patch
--- libtasn1-6-4.20.0/debian/patches/0001-Fix-for-CVE-2025-13151-Buffer-overflow.patch 1970-01-01 00:00:00.000000000 +0000
+++ libtasn1-6-4.20.0/debian/patches/0001-Fix-for-CVE-2025-13151-Buffer-overflow.patch 2026-06-17 18:43:57.000000000 +0000
@@ -0,0 +1,26 @@
+From 673ef0883c725c3ab642e71e95bbf1f4fc86c824 Mon Sep 17 00:00:00 2001
+From: Vijay Sarvepalli
+Date: Mon, 22 Dec 2025 12:24:27 -0500
+Subject: Fix for CVE-2025-13151 Buffer overflow
+
+Signed-off-by: Simon Josefsson
+---
+ lib/decoding.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/decoding.c b/lib/decoding.c
+index 1e0fcb3..abcb49f 100644
+--- a/lib/decoding.c
++++ b/lib/decoding.c
+@@ -1983,7 +1983,7 @@ int
+ asn1_expand_octet_string (asn1_node_const definitions, asn1_node *element,
+ const char *octetName, const char *objectName)
+ {
+- char name[2 * ASN1_MAX_NAME_SIZE + 1], value[ASN1_MAX_NAME_SIZE];
++ char name[2 * ASN1_MAX_NAME_SIZE + 2], value[ASN1_MAX_NAME_SIZE];
+ int retCode = ASN1_SUCCESS, result;
+ int len, len2, len3;
+ asn1_node_const p2;
+--
+2.47.3
+
diff -Nru libtasn1-6-4.20.0/debian/patches/series libtasn1-6-4.20.0/debian/patches/series
--- libtasn1-6-4.20.0/debian/patches/series 1970-01-01 00:00:00.000000000 +0000
+++ libtasn1-6-4.20.0/debian/patches/series 2026-06-17 18:48:30.000000000 +0000
@@ -0,0 +1 @@
+0001-Fix-for-CVE-2025-13151-Buffer-overflow.patch
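Review bot: The resized `name` declaration in asn1_expand_octet_string() (lib/decoding.c, inside the added 0001 patch) still carries its size as unexplained arithmetic, and nothing in the patch bounds the writes into the buffer. A comment such as `/* two names of at most ASN1_MAX_NAME_SIZE chars + '.' separator + NUL */` would record why the constant is `+ 2` and keep a later edit from reintroducing the one-byte shortfall. The code that fills `name` lies outside the hunk, so this is inferred, but if it is still unbounded string concatenation it would be safer built with a length-checked call against `sizeof name` (for example `snprintf` plus a truncation check), so an undersized buffer fails cleanly instead of writing past the stack array. The embedded diffstat shows only lib/decoding.c changed, so no regression test ships with the fix; a test with maximum-length node names run under AddressSanitizer would pin the boundary. It may also be worth checking sibling functions in the same file for the same `2 * ASN1_MAX_NAME_SIZE + 1` pattern.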