Debian Package Tracker

general

source: opensc (main)
version: 0.19.0-2
maintainer: Debian OpenSC Maintainers (archive) [DMD]
uploaders: Eric Dorland [DMD]
arch: any
std-ver: 4.2.1.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.14.0-2
oldstable: 0.16.0-3+deb9u1
stable: 0.19.0-1
testing: 0.19.0-2
unstable: 0.19.0-2

versioned links

0.14.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.16.0-3+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.19.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.19.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

opensc (19 bugs: 0, 16, 3, 0)
opensc-pkcs11 (5 bugs: 0, 5, 0, 0)

action needed

2 bugs tagged patch in the BTS normal

The BTS contains patches fixing 2 bugs, consider including or untagging them.

Created: 2019-04-01 Last update: 2019-07-18 09:04

Depends on packages which need a new maintainer normal

The packages that opensc depends on which need a new maintainer are:

docbook-xsl (#802370)
- Build-Depends: docbook-xsl

Created: 2017-12-02 Last update: 2019-07-18 07:39

lintian reports 7 warnings normal

Lintian reports 7 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2019-07-12 Last update: 2019-07-12 06:44

13 ignored security issues in jessie low

There are 13 open security issues in jessie.

13 issues skipped by the security teams:

CVE-2018-16419: Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-16426: Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs.
CVE-2018-16427: Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.
CVE-2018-16392: Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-16423: A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-16422: A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-16393: Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-16418: A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-16421: Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-16420: Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-16391: Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-16425: A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-16424: A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.

Please fix them.

Created: 2018-09-05 Last update: 2019-07-09 05:06

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.0 instead of 4.2.1.1).

Created: 2018-12-23 Last update: 2019-07-08 20:09

testing migrations

This package is part of the ongoing testing transition known as auto-readline. Please avoid uploads unrelated to this transition, they would likely delay it and require supplementary work from the release managers. On the other hand, if your package has problems preventing it to migrate to testing, please fix them as soon as possible. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2019-07-09] opensc 0.19.0-2 MIGRATED to testing (Debian testing watch)
[2019-03-04] Accepted opensc 0.19.0-2 (source) into unstable (Eric Dorland)
[2018-10-06] opensc 0.19.0-1 MIGRATED to testing (Debian testing watch)
[2018-10-04] Accepted opensc 0.16.0-3+deb9u1 (source) into proposed-updates->stable-new, proposed-updates (Eric Dorland)
[2018-09-30] Accepted opensc 0.19.0-1 (source) into unstable (Eric Dorland)
[2018-09-09] Accepted opensc 0.19.0~rc1-1 (source) into unstable (Eric Dorland)
[2018-06-08] opensc 0.18.0-3 MIGRATED to testing (Debian testing watch)
[2018-06-03] Accepted opensc 0.18.0-3 (source) into unstable (Eric Dorland)
[2018-05-28] opensc 0.18.0-2 MIGRATED to testing (Debian testing watch)
[2018-05-22] Accepted opensc 0.18.0-2 (source) into unstable (Eric Dorland)
[2018-05-21] Accepted opensc 0.18.0-1 (source) into unstable (Eric Dorland)
[2018-03-02] opensc 0.17.0-3 MIGRATED to testing (Debian testing watch)
[2018-02-25] Accepted opensc 0.17.0-3 (source) into unstable (Eric Dorland)
[2017-12-03] opensc 0.17.0-2 MIGRATED to testing (Debian testing watch)
[2017-11-27] Accepted opensc 0.17.0-2 (source) into unstable (Eric Dorland)
[2017-07-29] opensc 0.17.0-1 MIGRATED to testing (Debian testing watch)
[2017-07-23] Accepted opensc 0.17.0-1 (source) into unstable (Eric Dorland)
[2017-06-30] opensc 0.17.0~rc1-1 MIGRATED to testing (Debian testing watch)
[2017-06-24] Accepted opensc 0.17.0~rc1-1 (source amd64) into unstable (Eric Dorland)
[2017-01-26] opensc 0.16.0-3 MIGRATED to testing (Debian testing watch)
[2017-01-16] Accepted opensc 0.16.0-3 (source amd64) into unstable (Eric Dorland)
[2016-12-21] opensc 0.16.0-2 MIGRATED to testing (Debian testing watch)
[2016-12-11] Accepted opensc 0.16.0-2 (source amd64) into unstable (Eric Dorland)
[2016-07-12] opensc 0.16.0-1 MIGRATED to testing (Debian testing watch)
[2016-07-12] opensc 0.16.0-1 MIGRATED to testing (Debian testing watch)
[2016-07-05] Accepted opensc 0.16.0-1 (source amd64) into unstable (Eric Dorland)
[2016-06-02] opensc 0.16.0~rc2-1 MIGRATED to testing (Debian testing watch)
[2016-05-28] Accepted opensc 0.16.0~rc2-1 (source amd64) into unstable (Eric Dorland)
[2016-04-14] opensc 0.16.0~rc1-1 MIGRATED to testing (Debian testing watch)
[2016-04-09] Accepted opensc 0.16.0~rc1-1 (source amd64) into unstable (Eric Dorland)

bugs [bug history graph]

all: 27 28
RC: 0
I&N: 24 25
M&W: 3
F&P: 0
patch: 2

links

homepage
lintian (0, 7)
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.19.0-2
9 bugs (2 patches)