Register | Log in

opensc

Smart card utilities with support for PKCS#15 compatible cards

Choose email to subscribe with

general

source: opensc (main)
version: 0.19.0-1
maintainer: Debian OpenSC Maintainers (archive) [DMD]
uploaders: Eric Dorland [DMD]
arch: any
std-ver: 4.2.1.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.12.2-3
oldstable: 0.14.0-2
stable: 0.16.0-3+deb9u1
testing: 0.19.0-1
unstable: 0.19.0-1

versioned links

0.12.2-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.14.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.16.0-3+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.19.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

opensc
opensc-pkcs11

action needed

Depends on packages which need a new maintainer normal

The packages that opensc depends on which need a new maintainer are:

docbook-xsl (#802370)
- Build-Depends: docbook-xsl

Created: 2017-12-02 Last update: 2018-11-14 08:59

3 bugs tagged patch in the BTS normal

The BTS contains patches fixing 3 bugs, consider including or untagging them.

Created: 2018-10-01 Last update: 2018-11-14 06:16

lintian reports 8 warnings normal

Lintian reports 8 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2018-10-12 Last update: 2018-10-12 08:24

13 ignored security issues in jessie low

There are 13 open security issues in jessie.

13 issues skipped by the security teams:

CVE-2018-16418: A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-16423: A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-16427: Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.
CVE-2018-16421: Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-16425: A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-16426: Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs.
CVE-2018-16422: A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-16392: Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-16393: Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-16420: Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-16391: Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-16419: Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-16424: A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.

Please fix them.

Created: 2018-09-05 Last update: 2018-11-10 16:29

testing migrations

This package will soon be part of the auto-readline transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[2018-10-06] opensc 0.19.0-1 MIGRATED to testing (Debian testing watch)
[2018-10-04] Accepted opensc 0.16.0-3+deb9u1 (source) into proposed-updates->stable-new, proposed-updates (Eric Dorland)
[2018-09-30] Accepted opensc 0.19.0-1 (source) into unstable (Eric Dorland)
[2018-09-09] Accepted opensc 0.19.0~rc1-1 (source) into unstable (Eric Dorland)
[2018-06-08] opensc 0.18.0-3 MIGRATED to testing (Debian testing watch)
[2018-06-03] Accepted opensc 0.18.0-3 (source) into unstable (Eric Dorland)
[2018-05-28] opensc 0.18.0-2 MIGRATED to testing (Debian testing watch)
[2018-05-22] Accepted opensc 0.18.0-2 (source) into unstable (Eric Dorland)
[2018-05-21] Accepted opensc 0.18.0-1 (source) into unstable (Eric Dorland)
[2018-03-02] opensc 0.17.0-3 MIGRATED to testing (Debian testing watch)
[2018-02-25] Accepted opensc 0.17.0-3 (source) into unstable (Eric Dorland)
[2017-12-03] opensc 0.17.0-2 MIGRATED to testing (Debian testing watch)
[2017-11-27] Accepted opensc 0.17.0-2 (source) into unstable (Eric Dorland)
[2017-07-29] opensc 0.17.0-1 MIGRATED to testing (Debian testing watch)
[2017-07-23] Accepted opensc 0.17.0-1 (source) into unstable (Eric Dorland)
[2017-06-30] opensc 0.17.0~rc1-1 MIGRATED to testing (Debian testing watch)
[2017-06-24] Accepted opensc 0.17.0~rc1-1 (source amd64) into unstable (Eric Dorland)
[2017-01-26] opensc 0.16.0-3 MIGRATED to testing (Debian testing watch)
[2017-01-16] Accepted opensc 0.16.0-3 (source amd64) into unstable (Eric Dorland)
[2016-12-21] opensc 0.16.0-2 MIGRATED to testing (Debian testing watch)
[2016-12-11] Accepted opensc 0.16.0-2 (source amd64) into unstable (Eric Dorland)
[2016-07-12] opensc 0.16.0-1 MIGRATED to testing (Debian testing watch)
[2016-07-12] opensc 0.16.0-1 MIGRATED to testing (Debian testing watch)
[2016-07-05] Accepted opensc 0.16.0-1 (source amd64) into unstable (Eric Dorland)
[2016-06-02] opensc 0.16.0~rc2-1 MIGRATED to testing (Debian testing watch)
[2016-05-28] Accepted opensc 0.16.0~rc2-1 (source amd64) into unstable (Eric Dorland)
[2016-04-14] opensc 0.16.0~rc1-1 MIGRATED to testing (Debian testing watch)
[2016-04-09] Accepted opensc 0.16.0~rc1-1 (source amd64) into unstable (Eric Dorland)
[2015-05-22] opensc 0.15.0-1 MIGRATED to testing (Britney)
[2015-05-16] Accepted opensc 0.15.0-1 (source amd64) into unstable (Eric Dorland)

1
2

bugs [bug history graph]

all: 27 28
RC: 1
I&N: 21 22
M&W: 5
F&P: 0
patch: 3

links

homepage
lintian (0, 8)
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.19.0-1
9 bugs (2 patches)

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing