-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 22 Dec 2024 19:35:04 +0100 Source: opensc Binary: opensc opensc-dbgsym opensc-pkcs11 opensc-pkcs11-dbgsym Architecture: amd64 Version: 0.23.0-0.3+deb12u2 Distribution: bookworm Urgency: medium Maintainer: all / amd64 / i386 Build Daemon (x86-grnet-03) Changed-By: Guilhem Moulin Description: opensc - Smart card utilities with support for PKCS#15 compatible cards opensc-pkcs11 - Smart card utilities with support for PKCS#15 compatible cards Closes: 1064189 1082853 1082859 1082860 1082861 1082862 1082863 1082864 Changes: opensc (0.23.0-0.3+deb12u2) bookworm; urgency=medium . * Non-maintainer upload. * Fix CVE-2023-5992: Side-channel leaks while stripping encryption PKCS#1.5 padding in OpenSC. (Closes: #1064189) * Fix CVE-2024-1454: Memory use after free in AuthentIC driver when updating token info. * Fix CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key. (Closes: #1082853) * Fix CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init. (Closes: #1082859) * Fix CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc. (Closes: #1082860) * Fix CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc. (Closes: #1082861) * Fix CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init. (Closes: #1082862) * Fix CVE-2024-45619: Incorrect handling length of buffers or files in libopensc. (Closes: #1082863) * Fix CVE-2024-45620: Incorrect handling length of buffers or files in pkcs15init. (Closes: #1082864) * Add d/salsa-ci.yml for Salsa CI. Checksums-Sha1: f2d42752e086fe7bf92b91e392b00d1ea3f7b795 987628 opensc-dbgsym_0.23.0-0.3+deb12u2_amd64.deb 96b0966f4b1a36d1da2676ad3d00d8ba76dc602d 2535872 opensc-pkcs11-dbgsym_0.23.0-0.3+deb12u2_amd64.deb 0d19c6527c8c39bed775484c3f1e32f0e3da3541 916528 opensc-pkcs11_0.23.0-0.3+deb12u2_amd64.deb f78062cb10363072282873e18fab4237c2284101 8370 opensc_0.23.0-0.3+deb12u2_amd64-buildd.buildinfo 50f9e9c1627ac864c5a2d5190c623562d70ab15d 372320 opensc_0.23.0-0.3+deb12u2_amd64.deb Checksums-Sha256: 9febbdb8b99224a971b91cdd39bd408734991d7d3ca3458a80e4bd0419da6a1d 987628 opensc-dbgsym_0.23.0-0.3+deb12u2_amd64.deb c20b6fcfc41b47d8093fa08f6262a270239e9c10c069e001e0480fc4407d5164 2535872 opensc-pkcs11-dbgsym_0.23.0-0.3+deb12u2_amd64.deb c10abd389a7ae721099196f900902400090cd5bd0ab2deba0831d4a226275188 916528 opensc-pkcs11_0.23.0-0.3+deb12u2_amd64.deb 76490633857d874482ab583136a08a3e5001a60f015320092ca83fb84d0b78e3 8370 opensc_0.23.0-0.3+deb12u2_amd64-buildd.buildinfo 54c7041f1db7e8ad09755cf3be8dd188d42cee37459ef52f4323bcff2c7bf516 372320 opensc_0.23.0-0.3+deb12u2_amd64.deb Files: 8591a15cd477a24741be0adaa858c32d 987628 debug optional opensc-dbgsym_0.23.0-0.3+deb12u2_amd64.deb fd09d9282f0e13b630b9c16cd0bdcc92 2535872 debug optional opensc-pkcs11-dbgsym_0.23.0-0.3+deb12u2_amd64.deb 59fe18a20794fdfd8e39fa07ea880df9 916528 utils optional opensc-pkcs11_0.23.0-0.3+deb12u2_amd64.deb 7a1622fd5b1209ae105f1888db5766fa 8370 utils optional opensc_0.23.0-0.3+deb12u2_amd64-buildd.buildinfo 00dbb5dd65125a7984bc9d44bae3bd65 372320 utils optional opensc_0.23.0-0.3+deb12u2_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEe8x49oT2k+seQstpgDm7h4zfCpIFAmd5SrgACgkQgDm7h4zf CpI9Vw/8CNWApDqIzU/0tBvO2UGDZ54FsgaI+PGE0WAbwhXYx5uYkXmEEhTXd/cA tr65ZD/R4CxzgeHSF9hCdkVjmDMjOsI4H+0XKvghbq+50QSsbRiIckbJPFM6p0l4 babTzOXs3TEW9SVBR37TXQiIvAuQJVCt0ntDgLU9mypTOTFNH7WMXax9FDPnnMeS p9JDLATU6Rb+4vpGd5liDG9vIEvuIj1VGvkoZF8PEIS7pXxJhpSVfONaH2OB+3qc nwDxVzRbFXbk59x5HDHHVSlv49/zpHb8Abs+J8BWRem/zoueBEZ2vvwoWEMvcfYz Vfaf33By2eZFhaXy51WlGDx8XKDKd5nvaQKpbUNYbkc4yRs52qTRHnlgJlMTH3wS hWdRq0o45P1NRf3iX6xqytX16WmLQWtx23wQ/jibKq5Tm+n+kVGRZZFImqHfSLi6 V+TifAGmqCe2Rv2IvZWcZFHkX5TN3w1DFVyt+ySwvmou5KW9AmILI6kDp9wjQDeK 1r8J9uDIjbTluji+3UvXBe6iQdKw+aax2+lKVFddMJwLPaP/d5Vr9tXEEdQ8/O/3 +TshRTLEWpIKN9zZyuqHogFj/jRXYULmBRfVh0QcbpfTaa8pvAQ6Xdwo8CJE7m1k 8W4qBbGWYKOmAgaibjDiL0uudMwJnO2z1QqTmHuwQ6BMMH7LTgA= =40YL -----END PGP SIGNATURE-----