-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 28 Nov 2021 15:55:28 +0200 Source: opensc Binary: opensc opensc-pkcs11 Architecture: source Version: 0.16.0-3+deb9u2 Distribution: stretch-security Urgency: medium Maintainer: Debian OpenSC Maintainers <pkg-opensc-maint@lists.alioth.debian.org> Changed-By: Adrian Bunk <bunk@debian.org> Description: opensc - Smart card utilities with support for PKCS#15 compatible cards opensc-pkcs11 - Smart card utilities with support for PKCS#15 compatible cards Changes: opensc (0.16.0-3+deb9u2) stretch-security; urgency=medium . * Non-maintainer upload by the LTS team. * CVE-2019-15945: Out-of-bounds access of an ASN.1 Bitstring. * CVE-2019-15946: Out-of-bounds access of an ASN.1 Octet string. * CVE-2019-19479: Incorrect read operation in the Setec driver. * CVE-2020-26570: Heap-based buffer overflow in the Oberthur driver. * CVE-2020-26571: Stack-based buffer overflow in the GPK driver. * CVE-2020-26572: Stack-based buffer overflow in the TCOS driver. Checksums-Sha1: ca226285b0a7ac9197b268d126c37e5fb09a1f27 2137 opensc_0.16.0-3+deb9u2.dsc 8a5616ac514c4fbad50b0505dc61f082de3e479c 1760418 opensc_0.16.0.orig.tar.gz b948b1f3f73284c20e4bc55ef7e1bc77cde7c3df 22276 opensc_0.16.0-3+deb9u2.debian.tar.xz Checksums-Sha256: 38a0260beec65b2b719bf3293c71ec9fbd62452c96c709267273ba9a59f551f5 2137 opensc_0.16.0-3+deb9u2.dsc 3ac8c29542bb48179e7086d35a1b8907a4e86aca3de3323c2f48bd74eaaf5729 1760418 opensc_0.16.0.orig.tar.gz af624011599b8edc4aae3b91128d1c87c1adda3b588c0389cd4fb2bf611bf6a4 22276 opensc_0.16.0-3+deb9u2.debian.tar.xz Files: 3afe384f4b5e2943cf7eb862a6ab738e 2137 utils extra opensc_0.16.0-3+deb9u2.dsc 724d128f23cd7a74b28d04300ce7bcbd 1760418 utils extra opensc_0.16.0.orig.tar.gz 4c6cc0c5198638d491bae16ff56ec3ab 22276 utils extra opensc_0.16.0-3+deb9u2.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmGkelAACgkQiNJCh6LY mLF7Gg/9EMeWOgfYooTBY1A2goi0ip5m5DMczo6HTf9YsKAQrpgKnF1uI0OgszCL 4+jJAw5NTcu+Zr9+6X03L4nNCEsM41Tll5XLDk4tzrHxOJ/m0fxrvRoKetpyYH6g MwS6jA3yQjX6NvfonYwNmSJwELz9LpE4QFpn5O0GOzSR9hRvUQQhzU1nQ5WqECD3 N+houaJiI2iFGOqwBhReAcVrSlrw4vDdjXVcqZ3L10Jy7vEgikdtr/d86tYiCYSU na8fWMY1rl/tMAxoZtxJWRT41+cn8qjC3EymxcqDfO2XpRdY3S1T1ecEXn/RTl7v 1Z9CovufQiY9N6G7rPXVEBgLnuE8AyEqVjyzEQAqI2lDRTW2k+FNlLC0hGXP6ZBZ IjJ2rN/BHSqH82VT/n/1dX8AM5RgBCe9DIRdvw9wGknTITG7CdgngWHv0mWP7Edo gRkRFDrPYDXBzERFkXYDpFWFbg5Q+Lt7oFAWwWIPHH2vysQypYecwIzl8IwWg7bG B/+oIZe9tQHZz/wCSw4XqjyNgj18ladzBeUBqHG3n3seTgtmb9yUHY54zWZyKzDX qXbd3VC68p+/AVN1pqyHHlw1n3zrCK5H1OJ7vAUaOmeJG77qVCpDByOcCJ3QB6hf Gifc165YAHCISf2lNCNlIyOJpO1aO4etYE5a6d+eRzo8Ipc+gvM= =E0dd -----END PGP SIGNATURE-----