Debian Package Tracker

general

source: opensc (main)
version: 0.19.0-2
maintainer: Debian OpenSC Maintainers (archive) [DMD]
uploaders: Eric Dorland [DMD]
arch: any
std-ver: 4.2.1.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 0.14.0-2
stable: 0.16.0-3+deb9u1
testing: 0.19.0-1
unstable: 0.19.0-2

versioned links

0.14.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.16.0-3+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.19.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.19.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

opensc
opensc-pkcs11

action needed

2 bugs tagged patch in the BTS normal

The BTS contains patches fixing 2 bugs, consider including or untagging them.

Created: 2019-04-01 Last update: 2019-04-24 16:33

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2019-03-14 Last update: 2019-04-24 16:06

Depends on packages which need a new maintainer normal

The packages that opensc depends on which need a new maintainer are:

docbook-xsl (#802370)
- Build-Depends: docbook-xsl

Created: 2017-12-02 Last update: 2019-04-24 14:38

lintian reports 7 warnings normal

Lintian reports 7 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2019-04-07 Last update: 2019-04-07 07:38

13 ignored security issues in jessie low

There are 13 open security issues in jessie.

13 issues skipped by the security teams:

CVE-2018-16426: Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs.
CVE-2018-16419: Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-16421: Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-16393: Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-16427: Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.
CVE-2018-16391: Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-16420: Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-16418: A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-16424: A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-16422: A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-16392: Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-16425: A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-16423: A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.

Please fix them.

Created: 2018-09-05 Last update: 2019-03-04 11:34

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.3.0 instead of 4.2.1.1).

Created: 2018-12-23 Last update: 2019-03-04 11:34

testing migrations

This package will soon be part of the auto-readline transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
excuses:
- 51 days old (5 needed)
- Piuparts tested OK - https://piuparts.debian.org/sid/source/o/opensc.html
- Not touching package due to block request by freeze (please contact debian-release if update is needed)
- Not considered

news

[rss feed]

[2019-03-04] Accepted opensc 0.19.0-2 (source) into unstable (Eric Dorland)
[2018-10-06] opensc 0.19.0-1 MIGRATED to testing (Debian testing watch)
[2018-10-04] Accepted opensc 0.16.0-3+deb9u1 (source) into proposed-updates->stable-new, proposed-updates (Eric Dorland)
[2018-09-30] Accepted opensc 0.19.0-1 (source) into unstable (Eric Dorland)
[2018-09-09] Accepted opensc 0.19.0~rc1-1 (source) into unstable (Eric Dorland)
[2018-06-08] opensc 0.18.0-3 MIGRATED to testing (Debian testing watch)
[2018-06-03] Accepted opensc 0.18.0-3 (source) into unstable (Eric Dorland)
[2018-05-28] opensc 0.18.0-2 MIGRATED to testing (Debian testing watch)
[2018-05-22] Accepted opensc 0.18.0-2 (source) into unstable (Eric Dorland)
[2018-05-21] Accepted opensc 0.18.0-1 (source) into unstable (Eric Dorland)
[2018-03-02] opensc 0.17.0-3 MIGRATED to testing (Debian testing watch)
[2018-02-25] Accepted opensc 0.17.0-3 (source) into unstable (Eric Dorland)
[2017-12-03] opensc 0.17.0-2 MIGRATED to testing (Debian testing watch)
[2017-11-27] Accepted opensc 0.17.0-2 (source) into unstable (Eric Dorland)
[2017-07-29] opensc 0.17.0-1 MIGRATED to testing (Debian testing watch)
[2017-07-23] Accepted opensc 0.17.0-1 (source) into unstable (Eric Dorland)
[2017-06-30] opensc 0.17.0~rc1-1 MIGRATED to testing (Debian testing watch)
[2017-06-24] Accepted opensc 0.17.0~rc1-1 (source amd64) into unstable (Eric Dorland)
[2017-01-26] opensc 0.16.0-3 MIGRATED to testing (Debian testing watch)
[2017-01-16] Accepted opensc 0.16.0-3 (source amd64) into unstable (Eric Dorland)
[2016-12-21] opensc 0.16.0-2 MIGRATED to testing (Debian testing watch)
[2016-12-11] Accepted opensc 0.16.0-2 (source amd64) into unstable (Eric Dorland)
[2016-07-12] opensc 0.16.0-1 MIGRATED to testing (Debian testing watch)
[2016-07-12] opensc 0.16.0-1 MIGRATED to testing (Debian testing watch)
[2016-07-05] Accepted opensc 0.16.0-1 (source amd64) into unstable (Eric Dorland)
[2016-06-02] opensc 0.16.0~rc2-1 MIGRATED to testing (Debian testing watch)
[2016-05-28] Accepted opensc 0.16.0~rc2-1 (source amd64) into unstable (Eric Dorland)
[2016-04-14] opensc 0.16.0~rc1-1 MIGRATED to testing (Debian testing watch)
[2016-04-09] Accepted opensc 0.16.0~rc1-1 (source amd64) into unstable (Eric Dorland)
[2015-05-22] opensc 0.15.0-1 MIGRATED to testing (Britney)

bugs [bug history graph]

all: 27 28
RC: 0
I&N: 24 25
M&W: 3
F&P: 0
patch: 2

links

homepage
lintian (0, 7)
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.19.0-2
9 bugs (2 patches)