-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 22 Dec 2024 19:35:04 +0100 Source: opensc Binary: opensc opensc-dbgsym opensc-pkcs11 opensc-pkcs11-dbgsym Architecture: armhf Version: 0.23.0-0.3+deb12u2 Distribution: bookworm Urgency: medium Maintainer: arm Build Daemon (arm-ubc-05) Changed-By: Guilhem Moulin Description: opensc - Smart card utilities with support for PKCS#15 compatible cards opensc-pkcs11 - Smart card utilities with support for PKCS#15 compatible cards Closes: 1064189 1082853 1082859 1082860 1082861 1082862 1082863 1082864 Changes: opensc (0.23.0-0.3+deb12u2) bookworm; urgency=medium . * Non-maintainer upload. * Fix CVE-2023-5992: Side-channel leaks while stripping encryption PKCS#1.5 padding in OpenSC. (Closes: #1064189) * Fix CVE-2024-1454: Memory use after free in AuthentIC driver when updating token info. * Fix CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key. (Closes: #1082853) * Fix CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init. (Closes: #1082859) * Fix CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc. (Closes: #1082860) * Fix CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc. (Closes: #1082861) * Fix CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init. (Closes: #1082862) * Fix CVE-2024-45619: Incorrect handling length of buffers or files in libopensc. (Closes: #1082863) * Fix CVE-2024-45620: Incorrect handling length of buffers or files in pkcs15init. (Closes: #1082864) * Add d/salsa-ci.yml for Salsa CI. Checksums-Sha1: 50097d7377f02fc0e084fb769cd87b2a954d67a8 760452 opensc-dbgsym_0.23.0-0.3+deb12u2_armhf.deb 9c7f99ef1d335cb63df37ce1295d4b88b2a1fa7a 2556548 opensc-pkcs11-dbgsym_0.23.0-0.3+deb12u2_armhf.deb e7b039add94a24372a68aa3128977653264f0dcd 816132 opensc-pkcs11_0.23.0-0.3+deb12u2_armhf.deb 65ab47faf761566e07cd903fa765143c52f8d9fc 8245 opensc_0.23.0-0.3+deb12u2_armhf-buildd.buildinfo ddf3bba99ff73fef7555a42f7c642ccef9d29fa9 351032 opensc_0.23.0-0.3+deb12u2_armhf.deb Checksums-Sha256: bd6f35cbe7e8b09bd6cd5fa1e588c0578f3ea3ccd54f1012e84f798874f593b5 760452 opensc-dbgsym_0.23.0-0.3+deb12u2_armhf.deb 75627ec3aed2cb4ccf7918fbd8b3fa8fdd251146d00eb0f3f48c306292894e1d 2556548 opensc-pkcs11-dbgsym_0.23.0-0.3+deb12u2_armhf.deb 8e0e0db40af342d3f35e22ec258aba056255d181cb81637d3eb7a40e538d84a9 816132 opensc-pkcs11_0.23.0-0.3+deb12u2_armhf.deb 675a987c4b62331945a8def286dc61dd7004775aa2c891e8ad0b6c7277614e6e 8245 opensc_0.23.0-0.3+deb12u2_armhf-buildd.buildinfo 3aa720f1f8c8cbf09773b0cad3824c0bc346c9c92207c958d72e610f6c1d9034 351032 opensc_0.23.0-0.3+deb12u2_armhf.deb Files: 5e47fc93e1f42e354b36eaaea297d913 760452 debug optional opensc-dbgsym_0.23.0-0.3+deb12u2_armhf.deb 36b45f71a45d91b2e394cd27268e7a80 2556548 debug optional opensc-pkcs11-dbgsym_0.23.0-0.3+deb12u2_armhf.deb 7df187e1394bf44f2c217dc93adde3c5 816132 utils optional opensc-pkcs11_0.23.0-0.3+deb12u2_armhf.deb 5aa5694c58b5c409a4bd593ab25a3cad 8245 utils optional opensc_0.23.0-0.3+deb12u2_armhf-buildd.buildinfo 5974389896fb9e30f3f4dd2ceb42bc19 351032 utils optional opensc_0.23.0-0.3+deb12u2_armhf.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEmbvtGd+QaAE2Bi5fsFgOvjtRcdMFAmd5S80ACgkQsFgOvjtR cdPVSQ//Q3Gzn2lsE7hkjl8cRqeKDHP0VBv/Mc3Y79knUNir1+vXnkUpMcY1VlAp 4icxW1aJDGLLbw/yBB+W1adcC1RqYbj36+AGt2aDUJJ6HZfFLSV6XQEPjdmgptdL a+MVZS8+kodKiDaBRaJQ1id7xggVqM3NnLgHoZTy34CYu9Rk2Vs0YyLHjv55kSja SvyTTXJSKiriYkmqLueWj3Epo6rRFIJIzx3xFfqN7geZkvaZc34FM5Y+8fRB5fiF vGP7PemUqA1f9jPMp3Xja2gxrh7LZXSUF0wTS9XjYxvkUeXPSNBNpxzFxJmnxjeP dTO7yBiv0zWLtbZ2aYVAwMgmUEw6BrvGJwZkHvoliXi7oLovs6wg+k2VUJCAYk5I 4EcQ0jvNNPKJPObA7mMWKYaySX1FqAJ6qyzOAWLGjNHaIvOCqSyjWJ9uAlMAUQUH ovnR66OvRjglGu0PSoR8pXzAgZ1wt1F4pAullBts1xKmtzz3Uy5ElMpynxrlneyd iYr0X9QFBO4KWi6KlhI/JNgMoBjH9Z+7Es75bwhuUGq6nx+T7Ag10AFQJJvUtCrJ ekLw9H7aXvfWmtx9zj+7uc1nK2hSbG3Z0eVJhjpZX/dE7j9kxQ/uc0MsgHCrPDEJ XOG7DCKSZJZ0KW/HYrSEG6NV2UsKXNBHV0Vyf3xjLY/X/zLi8yk= =x7bu -----END PGP SIGNATURE-----