[AutoPR- Security] Patch libtasn1 for CVE-2025-13151 [LOW]

SPECS/libtasn1/CVE-2025-13151.patch

@@ -0,0 +1,28 @@
+From ba613b5959cfac19710ebd300e9391aa5d7c0eac Mon Sep 17 00:00:00 2001
+From: Vijay Sarvepalli <[email protected]>
+Date: Mon, 22 Dec 2025 12:24:27 -0500
+Subject: [PATCH] Fix for CVE-2025-13151 Buffer overflow
+
+Signed-off-by: Simon Josefsson <[email protected]>
+Signed-off-by: Azure Linux Security Servicing Account <[email protected]>
+Upstream-reference: https://gitlab.com/gnutls/libtasn1/-/commit/d276cc495a2a32b182c3c39851f1ba58f2d9f9b8.patch
+---
+ lib/decoding.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/decoding.c b/lib/decoding.c
+index b9245c4..bc45138 100644
+--- a/lib/decoding.c
++++ b/lib/decoding.c
+@@ -1976,7 +1976,7 @@ int
+ asn1_expand_octet_string (asn1_node_const definitions, asn1_node * element,
+ 			  const char *octetName, const char *objectName)
+ {
+-  char name[2 * ASN1_MAX_NAME_SIZE + 1], value[ASN1_MAX_NAME_SIZE];
++  char name[2 * ASN1_MAX_NAME_SIZE + 2], value[ASN1_MAX_NAME_SIZE];
+   int retCode = ASN1_SUCCESS, result;
+   int len, len2, len3;
+   asn1_node_const p2;
+-- 
+2.45.4
+

SPECS/libtasn1/libtasn1.spec

@@ -1,14 +1,15 @@
 Summary:        ASN.1 library
 Name:           libtasn1
 Version:        4.19.0
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        GPLv3+ AND LGPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 Group:          System Environment/Libraries
 URL:            https://www.gnu.org/software/libtasn1/
 Source0:        https://ftp.gnu.org/gnu/libtasn1/%{name}-%{version}.tar.gz
 Patch0:         CVE-2024-12133.patch
+Patch1:         CVE-2025-13151.patch
 Provides:       libtasn1-tools = %{version}-%{release}
 
 %description
@@ -58,6 +59,9 @@ make %{?_smp_mflags} check
 %{_mandir}/man3/*
 
 %changelog
+* Wed Jan 14 2026 Azure Linux Security Servicing Account <[email protected]> - 4.19.0-3
+- Patch for CVE-2025-13151
+
 * Fri Feb 21 2025 Ankita Pareek <[email protected]> - 4.19.0-2
 - Address CVE-2024-12133
 

toolkit/resources/manifests/package/pkggen_core_aarch64.txt

@@ -228,7 +228,7 @@ mariner-repos-shared-2.0-9.cm2.noarch.rpm
 mariner-repos-2.0-9.cm2.noarch.rpm
 libffi-3.4.2-3.cm2.aarch64.rpm
 libffi-devel-3.4.2-3.cm2.aarch64.rpm
-libtasn1-4.19.0-2.cm2.aarch64.rpm
+libtasn1-4.19.0-3.cm2.aarch64.rpm
 p11-kit-0.24.1-1.cm2.aarch64.rpm
 p11-kit-trust-0.24.1-1.cm2.aarch64.rpm
 ca-certificates-shared-2.0.0-25.cm2.noarch.rpm

toolkit/resources/manifests/package/pkggen_core_x86_64.txt

@@ -228,7 +228,7 @@ mariner-repos-shared-2.0-9.cm2.noarch.rpm
 mariner-repos-2.0-9.cm2.noarch.rpm
 libffi-3.4.2-3.cm2.x86_64.rpm
 libffi-devel-3.4.2-3.cm2.x86_64.rpm
-libtasn1-4.19.0-2.cm2.x86_64.rpm
+libtasn1-4.19.0-3.cm2.x86_64.rpm
 p11-kit-0.24.1-1.cm2.x86_64.rpm
 p11-kit-trust-0.24.1-1.cm2.x86_64.rpm
 ca-certificates-shared-2.0.0-25.cm2.noarch.rpm

toolkit/resources/manifests/package/toolchain_aarch64.txt

@@ -204,9 +204,9 @@ libssh2-debuginfo-1.9.0-4.cm2.aarch64.rpm
 libssh2-devel-1.9.0-4.cm2.aarch64.rpm
 libstdc++-11.2.0-9.cm2.aarch64.rpm
 libstdc++-devel-11.2.0-9.cm2.aarch64.rpm
-libtasn1-4.19.0-2.cm2.aarch64.rpm
-libtasn1-debuginfo-4.19.0-2.cm2.aarch64.rpm
-libtasn1-devel-4.19.0-2.cm2.aarch64.rpm
+libtasn1-4.19.0-3.cm2.aarch64.rpm
+libtasn1-debuginfo-4.19.0-3.cm2.aarch64.rpm
+libtasn1-devel-4.19.0-3.cm2.aarch64.rpm
 libtool-2.4.6-8.cm2.aarch64.rpm
 libtool-debuginfo-2.4.6-8.cm2.aarch64.rpm
 libxml2-2.10.4-9.cm2.aarch64.rpm

toolkit/resources/manifests/package/toolchain_x86_64.txt

@@ -210,9 +210,9 @@ libssh2-debuginfo-1.9.0-4.cm2.x86_64.rpm
 libssh2-devel-1.9.0-4.cm2.x86_64.rpm
 libstdc++-11.2.0-9.cm2.x86_64.rpm
 libstdc++-devel-11.2.0-9.cm2.x86_64.rpm
-libtasn1-4.19.0-2.cm2.x86_64.rpm
-libtasn1-debuginfo-4.19.0-2.cm2.x86_64.rpm
-libtasn1-devel-4.19.0-2.cm2.x86_64.rpm
+libtasn1-4.19.0-3.cm2.x86_64.rpm
+libtasn1-debuginfo-4.19.0-3.cm2.x86_64.rpm
+libtasn1-devel-4.19.0-3.cm2.x86_64.rpm
 libtool-2.4.6-8.cm2.x86_64.rpm
 libtool-debuginfo-2.4.6-8.cm2.x86_64.rpm
 libxml2-2.10.4-9.cm2.x86_64.rpm