--- /dev/null
+From 8070c6a4931801b6550c79c5766dfd3a99976036 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 8 Jul 2021 14:48:36 +0800
+Subject: [PATCH] Merge pull request #15 from danaj/danaj/unsafe-decoding
+
+Upstream-Status: Backport[https://github.com/gbarr/perl-Convert-ASN1/commit/108e784417db7893f348c381c837537c3bd39373]
+CVE: CVE-2013-7488
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ lib/Convert/ASN1/_decode.pm | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/Convert/ASN1/_decode.pm b/lib/Convert/ASN1/_decode.pm
+index cd173f9..495e1bf 100644
+--- a/lib/Convert/ASN1/_decode.pm
++++ b/lib/Convert/ASN1/_decode.pm
+@@ -683,12 +683,14 @@ sub _scan_indef {
+ $pos += 2;
+ next;
+ }
++ return if $pos >= $end;
+
+ my $tag = substr($_[0], $pos++, 1);
+
+ if((unpack("C",$tag) & 0x1f) == 0x1f) {
+ my $b;
+ do {
++ return if $pos >= $end;
+ $tag .= substr($_[0],$pos++,1);
+ $b = ord substr($tag,-1);
+ } while($b & 0x80);
+--
+2.17.1
+
LICENSE = "Artistic-1.0 | GPL-1.0+"
LIC_FILES_CHKSUM = "file://README.md;beginline=91;endline=97;md5=ceff7fd286eb6d8e8e0d3d23e096a63f"
-SRC_URI = "http://search.cpan.org/CPAN/authors/id/G/GB/GBARR/Convert-ASN1-${PV}.tar.gz"
+SRC_URI = "http://search.cpan.org/CPAN/authors/id/G/GB/GBARR/Convert-ASN1-${PV}.tar.gz \
+ file://CVE-2013-7488.patch"
SRC_URI[md5sum] = "68723e96be0b258a9e20480276e8a62c"
SRC_URI[sha256sum] = "74a4a78ae0c5e973100ac0a8f203a110f76fb047b79dae4fc1fd7d6814d3d58a"
