Format: 1.8
Date: Thu, 26 Dec 2024 02:07:33 +0100
Source: opensc
Architecture: source
Version: 0.21.0-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian OpenSC Maintainers <pkg-opensc-maint@lists.alioth.debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Closes: 1037021 1055521 1055522 1064189 1082853 1082859 1082860 1082861 1082862 1082863 1082864
Changes:
 opensc (0.21.0-1+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * Fix CVE-2021-34193: Stack overflow vulnerability in OpenSC smart card
     middleware via crafted responses to APDUs.
   * Fix CVE-2021-42778: Heap double free issue in sc_pkcs15_free_tokeninfo().
   * Fix CVE-2021-42779: Heap use after free issue sc_file_valid().
   * Fix CVE-2021-42780: Use after return issue insert_pin().
   * Fix CVE-2021-42781: Heap buffer overflow in pkcs15-oberthur.c.
   * Fix CVE-2021-42782: Multiple stack buffer overflow issues.
   * Fix CVE-2023-2977: Buffer overrun vulnerability in pkcs15's
     cardos_have_verifyrc_package(). (Closes: #1037021)
   * Fix CVE-2023-5992: Side-channel leaks while stripping encryption
     PKCS#1.5 padding in OpenSC. (Closes: #1064189)
   * Fix CVE-2023-40660: Potential PIN bypass with empty PIN.
     (Closes: #1055521)
   * Fix CVE-2023-40661: Multiple memory vulnerabilities in pkcs15-init.
     (Closes: #1055522)
   * Fix CVE-2024-1454: Memory use after free in AuthentIC driver when
     updating token info.
   * Fix CVE-2024-8443: Heap buffer overflow in OpenPGP driver when
     generating key. (Closes: #1082853)
   * Fix CVE-2024-45615: Usage of uninitialized values in libopensc and
     pkcs15init. (Closes: #1082859)
   * Fix CVE-2024-45616: Uninitialized values after incorrect check or usage
     of APDU response values in libopensc. (Closes: #1082860)
   * Fix CVE-2024-45617: Uninitialized values after incorrect or missing
     checking return values of functions in libopensc. (Closes: #1082861)
   * Fix CVE-2024-45618: Uninitialized values after incorrect or missing
     checking return values of functions in pkcs15init. (Closes: #1082862)
   * Fix CVE-2024-45619: Incorrect handling length of buffers or files in
     libopensc. (Closes: #1082863)
   * Fix CVE-2024-45620: Incorrect handling length of buffers or files in
     pkcs15init. (Closes: #1082864)