--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/libtasn1/patches/libtasn1-05-cve-2015-2806.patch	Thu Jul 30 17:45:10 2015 -0700
@@ -0,0 +1,44 @@
+Source:
+Internal
+
+Info:
+https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2806
+Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows 
+remote attackers to have unspecified impact via unknown vectors.
+
+Status:
+Need to determine if this patch has been sent upstream.
+
+--- libtasn1-2.8/lib/parser_aux.c.orig	2015-04-15 12:36:59.603251259 +0530
++++ libtasn1-2.8/lib/parser_aux.c	2015-04-15 12:38:34.145677358 +0530
+@@ -580,7 +580,7 @@ _asn1_delete_list_and_nodes (void)
+ 
+ 
+ char *
+-_asn1_ltostr (long v, char *str)
++_asn1_ltostr (long v, char str[LTOSTR_MAX_SIZE])
+ {
+   long d, r;
+   char temp[20];
+@@ -604,7 +604,7 @@ _asn1_ltostr (long v, char *str)
+       count++;
+       v = d;
+     }
+-  while (v);
++  while (v && ((start+count) < LTOSTR_MAX_SIZE-1));
+ 
+   for (k = 0; k < count; k++)
+     str[k + start] = temp[start + count - k - 1];
+--- libtasn1-2.8/lib/parser_aux.h.orig	2015-04-15 12:38:41.020519734 +0530
++++ libtasn1-2.8/lib/parser_aux.h	2015-04-15 12:40:23.768693524 +0530
+@@ -63,7 +63,9 @@ void _asn1_delete_list (void);
+ 
+ void _asn1_delete_list_and_nodes (void);
+ 
+-char *_asn1_ltostr (long v, char *str);
++/* Max 64-bit integer length is 20 chars + 1 for sign + 1 for null termination */
++#define LTOSTR_MAX_SIZE 22
++char *_asn1_ltostr (long v, char str[LTOSTR_MAX_SIZE]);
+ 
+ ASN1_TYPE _asn1_find_up (ASN1_TYPE node);
+