--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/libtasn1/patches/libtasn1-05-cve-2015-2806.patch Thu Jul 30 17:45:10 2015 -0700
@@ -0,0 +1,44 @@
+Source:
+Internal
+
+Info:
+https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2806
+Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows
+remote attackers to have unspecified impact via unknown vectors.
+
+Status:
+Need to determine if this patch has been sent upstream.
+
+--- libtasn1-2.8/lib/parser_aux.c.orig 2015-04-15 12:36:59.603251259 +0530
++++ libtasn1-2.8/lib/parser_aux.c 2015-04-15 12:38:34.145677358 +0530
+@@ -580,7 +580,7 @@ _asn1_delete_list_and_nodes (void)
+
+
+ char *
+-_asn1_ltostr (long v, char *str)
++_asn1_ltostr (long v, char str[LTOSTR_MAX_SIZE])
+ {
+ long d, r;
+ char temp[20];
+@@ -604,7 +604,7 @@ _asn1_ltostr (long v, char *str)
+ count++;
+ v = d;
+ }
+- while (v);
++ while (v && ((start+count) < LTOSTR_MAX_SIZE-1));
+
+ for (k = 0; k < count; k++)
+ str[k + start] = temp[start + count - k - 1];
+--- libtasn1-2.8/lib/parser_aux.h.orig 2015-04-15 12:38:41.020519734 +0530
++++ libtasn1-2.8/lib/parser_aux.h 2015-04-15 12:40:23.768693524 +0530
+@@ -63,7 +63,9 @@ void _asn1_delete_list (void);
+
+ void _asn1_delete_list_and_nodes (void);
+
+-char *_asn1_ltostr (long v, char *str);
++/* Max 64-bit integer length is 20 chars + 1 for sign + 1 for null termination */
++#define LTOSTR_MAX_SIZE 22
++char *_asn1_ltostr (long v, char str[LTOSTR_MAX_SIZE]);
+
+ ASN1_TYPE _asn1_find_up (ASN1_TYPE node);
+
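Review bot: The scratch buffer `char temp[20];`, kept as context in the first parser_aux.c hunk, is smaller than the new loop bound assumes. `(start+count) < LTOSTR_MAX_SIZE-1` lets `start+count` reach 21, so the copy loop's `temp[start + count - k - 1]` may index `temp[20]`. A 64-bit `long` probably never produces that many digits, but the guard should cover the array it sits next to; declaring it as `char temp[LTOSTR_MAX_SIZE];` would make the two agree. Separately, `char str[LTOSTR_MAX_SIZE]` in a parameter list decays to `char *` and is not enforced by the compiler, and this patch changes no call sites, so every caller's buffer should be checked to be at least `LTOSTR_MAX_SIZE` bytes. The body of `_asn1_ltostr` starts and ends outside the hunks shown, so the writes inside the `do` loop could not be reviewed here.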