-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 22 Dec 2024 19:35:04 +0100 Source: opensc Architecture: source Version: 0.23.0-0.3+deb12u2 Distribution: bookworm Urgency: medium Maintainer: Debian OpenSC Maintainers <pkg-opensc-maint@lists.alioth.debian.org> Changed-By: Guilhem Moulin <guilhem@debian.org> Closes: 1064189 1082853 1082859 1082860 1082861 1082862 1082863 1082864 Changes: opensc (0.23.0-0.3+deb12u2) bookworm; urgency=medium . * Non-maintainer upload. * Fix CVE-2023-5992: Side-channel leaks while stripping encryption PKCS#1.5 padding in OpenSC. (Closes: #1064189) * Fix CVE-2024-1454: Memory use after free in AuthentIC driver when updating token info. * Fix CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key. (Closes: #1082853) * Fix CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init. (Closes: #1082859) * Fix CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc. (Closes: #1082860) * Fix CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc. (Closes: #1082861) * Fix CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init. (Closes: #1082862) * Fix CVE-2024-45619: Incorrect handling length of buffers or files in libopensc. (Closes: #1082863) * Fix CVE-2024-45620: Incorrect handling length of buffers or files in pkcs15init. (Closes: #1082864) * Add d/salsa-ci.yml for Salsa CI. Checksums-Sha1: 728a15416be491275950f61ff415178099d65e14 2190 opensc_0.23.0-0.3+deb12u2.dsc c46e55656db5cbb9ea2b955e5713781845435f2d 40288 opensc_0.23.0-0.3+deb12u2.debian.tar.xz fe998c7877d7b74a8554832014fe42aa5a9b4920 8789 opensc_0.23.0-0.3+deb12u2_amd64.buildinfo Checksums-Sha256: 76f2ac02b702ef0ab7b520ff199e4cc3709d56022e6d436bc1c55f3d1e36102a 2190 opensc_0.23.0-0.3+deb12u2.dsc ac259b36979e9d8cb5677c79865116a759f473fd7cbd97548d7828b358a95a5a 40288 opensc_0.23.0-0.3+deb12u2.debian.tar.xz 4370e1643d91a1c23a08b402ca0408700724d107426c7fc55c03fae86e718cb5 8789 opensc_0.23.0-0.3+deb12u2_amd64.buildinfo Files: f2952761940fea8df8148d506f2c66e9 2190 utils optional opensc_0.23.0-0.3+deb12u2.dsc 7190564263bd944445aa46539f31a16a 40288 utils optional opensc_0.23.0-0.3+deb12u2.debian.tar.xz 82c9207e59481688c41d5f6fd886f084 8789 utils optional opensc_0.23.0-0.3+deb12u2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmdoXlYACgkQ05pJnDwh pVLL9A/+MuWrsIvrNQGML4o9P7TsSsi84mC6LHEubuqzYw8zB3D0HR5VTY1ojqY6 bh9RaMR1kot1K50RF9PlzJqoGL8MPWn3D784SwJydCWHPoJaNnCZVnCyt1nnkhfC WiNbzEAhqV/wJL0V0Bzw+UZPakZxTzzRilD40RIB5y1i4CtWWIy3iV9qDS2c+fOU Uc/1Rmm85Gg+7bybVvY8BfrUqWWudILY9uC9IiaooKrBepWleKaeMlU6VRuFBCcQ lHrunZw41BQFncj4rABlWbXqXK9QfseXazeTtvgIqxMm4J+N1H5fNOLP/z/PhKyl Vevs1J6SESUdargCLMGw6lIdCBuoBtYPa5+PefnJqrAZ6E40kIibTXlnSa9wKUsk nDacS25u/ij0qZByubfpqtF+y2BLroKeKTvSXZO9cDOhzzNZQbq6IknJiYsfq2WA H+f5k9E3ZBT9HtoQ7roBmhUigdpDTOz0e2x41Qo4HZ5hZtUH68nVyFLenXZjZaaz mT1fB4JSWa58GrTQs8rwsTJIcA19HtnNHThZxKApVudf1yRTsaVZ6pxFYJlEGj1z kq3HX/Ru2AeqXZAxc3ZUN8D6Go7uruKJSujMRz/6qv0XrVsZ/i8kqqRXsT4j5oQ1 np8R3YMc5uKCOOgfriztoJJg3rZ+B6pfAjiXYpXMtUiuMakhE2E= =UoSw -----END PGP SIGNATURE-----
