-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 22 Dec 2024 19:35:04 +0100 Source: opensc Binary: opensc opensc-dbgsym opensc-pkcs11 opensc-pkcs11-dbgsym Architecture: armel Version: 0.23.0-0.3+deb12u2 Distribution: bookworm Urgency: medium Maintainer: arm Build Daemon (arm-conova-02) Changed-By: Guilhem Moulin Description: opensc - Smart card utilities with support for PKCS#15 compatible cards opensc-pkcs11 - Smart card utilities with support for PKCS#15 compatible cards Closes: 1064189 1082853 1082859 1082860 1082861 1082862 1082863 1082864 Changes: opensc (0.23.0-0.3+deb12u2) bookworm; urgency=medium . * Non-maintainer upload. * Fix CVE-2023-5992: Side-channel leaks while stripping encryption PKCS#1.5 padding in OpenSC. (Closes: #1064189) * Fix CVE-2024-1454: Memory use after free in AuthentIC driver when updating token info. * Fix CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key. (Closes: #1082853) * Fix CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init. (Closes: #1082859) * Fix CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc. (Closes: #1082860) * Fix CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc. (Closes: #1082861) * Fix CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init. (Closes: #1082862) * Fix CVE-2024-45619: Incorrect handling length of buffers or files in libopensc. (Closes: #1082863) * Fix CVE-2024-45620: Incorrect handling length of buffers or files in pkcs15init. (Closes: #1082864) * Add d/salsa-ci.yml for Salsa CI. Checksums-Sha1: 2ac2746757b7e7d3dd5e443629aa139b35ef4c30 748108 opensc-dbgsym_0.23.0-0.3+deb12u2_armel.deb 120e2ea991e51c2685ce89137c04340ae347e3e8 2514624 opensc-pkcs11-dbgsym_0.23.0-0.3+deb12u2_armel.deb 03bdbdbdf3edad84a1792b9dd5f1c4536ac751b8 797848 opensc-pkcs11_0.23.0-0.3+deb12u2_armel.deb 2a0798c32d82fdad07c2e3d84e204217a6c3fd52 8243 opensc_0.23.0-0.3+deb12u2_armel-buildd.buildinfo 5c232640f855d7d14680ccfee9173be4edecb333 344732 opensc_0.23.0-0.3+deb12u2_armel.deb Checksums-Sha256: 8c94deb8f4f06afdaea69b8b02b23709c067d79948b9b719a5e0a556f3c6c96d 748108 opensc-dbgsym_0.23.0-0.3+deb12u2_armel.deb 5b0e22ca1d28493b0ba2b88dbeace58c6537f461ec4a4810207e77b98c451e82 2514624 opensc-pkcs11-dbgsym_0.23.0-0.3+deb12u2_armel.deb b6ebc870cf00ed10acbe412803ae35eaa2e584ccdabc3a82027f13d4130f4337 797848 opensc-pkcs11_0.23.0-0.3+deb12u2_armel.deb 1a2985d2f9d2f7dd8c74a10386a02573b7050b9897d4ec86324ee68c1ae7bc53 8243 opensc_0.23.0-0.3+deb12u2_armel-buildd.buildinfo ec2b26d24c0cb6cfc4cee277992ff6ddd2fc1862caee3f4046c3973ac6b7317d 344732 opensc_0.23.0-0.3+deb12u2_armel.deb Files: de42a97f55ea31328a63a5f17d61c8fb 748108 debug optional opensc-dbgsym_0.23.0-0.3+deb12u2_armel.deb 20fc9e4c745e23c559ffb1ea7de80956 2514624 debug optional opensc-pkcs11-dbgsym_0.23.0-0.3+deb12u2_armel.deb 8ea5eb4592a9b5f2a2a70e90c382df32 797848 utils optional opensc-pkcs11_0.23.0-0.3+deb12u2_armel.deb e8a7bf1693087049499ab09b87706b6c 8243 utils optional opensc_0.23.0-0.3+deb12u2_armel-buildd.buildinfo 9a3fb5232e77e68ef442f10efa5ab0b4 344732 utils optional opensc_0.23.0-0.3+deb12u2_armel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEKAzExpjGvTI78ZO8LARVyvnD3xkFAmd5SsgACgkQLARVyvnD 3xmK3hAA2Yhs2SymTU+ally6DupJYWZFVSCmkbkDc9gDZT+YoVONd0jbkzqR7RME HqCrVXfD+2newL0tIl6ETLMHuW95LvNYnpEHL+S0BNUM8Ci40hzgh2K4OlsL2zkC Bh+mMKEjAVXVm3YNX/N8BqeHAk3S2PeC5+ocJhNM+qw+mjL9E6dLAC4WxSW9HKe0 c8r/twUX4W1dNc5vKUDv9bZRveKw0qUlZXU/u5T9of0N1TihmtErHt8lL2mG9DmB nh+WFZrwkVJYWxBdXF829zy4t4KdWQtu6WI2DXIXdBfVQfkmvTtVYlFOOsO8rM4s Xe5eO/038VYls8oewKPeLFaoqzHg/ynVrqzp3AkcXqmya8Ef4yS03pYd6u0mrftV EftnMyIEDI1mC0BXCrtcTjBfFlcXKOyYkRgb5yLF1ezW57/L2rg2rNVlJFgLFxur WzmBk2MDk1nKXkVA36E+UCxdtQoMhfEIurdFUmWif1fij+77evwUA+lcqXnfAH0x c8nT249gTBWaYjToIh59SnZZ0kNwcQ7M7mWOU2MqFsZAFwgP6s8frpuERYaZZ+F4 DiV7iH/KxTxdksc/Gza/dNS291c7b5mM9nt2z2LfrsD4xbbHhPXOiUNUfN8Ujrac SKgQBpDT/0a/he3xSCUakzPo43Ns+PlTIoq+pyek5ibC54CTXzE= =KaCF -----END PGP SIGNATURE-----