-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 22 Dec 2024 19:35:04 +0100 Source: opensc Binary: opensc opensc-dbgsym opensc-pkcs11 opensc-pkcs11-dbgsym Architecture: arm64 Version: 0.23.0-0.3+deb12u2 Distribution: bookworm Urgency: medium Maintainer: arm Build Daemon (arm-conova-04) Changed-By: Guilhem Moulin Description: opensc - Smart card utilities with support for PKCS#15 compatible cards opensc-pkcs11 - Smart card utilities with support for PKCS#15 compatible cards Closes: 1064189 1082853 1082859 1082860 1082861 1082862 1082863 1082864 Changes: opensc (0.23.0-0.3+deb12u2) bookworm; urgency=medium . * Non-maintainer upload. * Fix CVE-2023-5992: Side-channel leaks while stripping encryption PKCS#1.5 padding in OpenSC. (Closes: #1064189) * Fix CVE-2024-1454: Memory use after free in AuthentIC driver when updating token info. * Fix CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key. (Closes: #1082853) * Fix CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init. (Closes: #1082859) * Fix CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc. (Closes: #1082860) * Fix CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc. (Closes: #1082861) * Fix CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init. (Closes: #1082862) * Fix CVE-2024-45619: Incorrect handling length of buffers or files in libopensc. (Closes: #1082863) * Fix CVE-2024-45620: Incorrect handling length of buffers or files in pkcs15init. (Closes: #1082864) * Add d/salsa-ci.yml for Salsa CI. Checksums-Sha1: bf4e81d1ec02bca2c6b6ff476148f5f0ae9e872c 996408 opensc-dbgsym_0.23.0-0.3+deb12u2_arm64.deb aef628c474d4cf088f40d296c712bc010b412e9d 2594748 opensc-pkcs11-dbgsym_0.23.0-0.3+deb12u2_arm64.deb eda238e8160ceb1f8dd5fd2c066a4c08580c8cbd 798220 opensc-pkcs11_0.23.0-0.3+deb12u2_arm64.deb 935691d9587269a1f433a0316c93768278c48985 8369 opensc_0.23.0-0.3+deb12u2_arm64-buildd.buildinfo a0fc98787c8979020269a88c676b9b30b6c8c811 359900 opensc_0.23.0-0.3+deb12u2_arm64.deb Checksums-Sha256: 6215a3876c2fafa38660e369d802e7ee40803f6041df8765f5968b4d931bfb3a 996408 opensc-dbgsym_0.23.0-0.3+deb12u2_arm64.deb 623d38417588f1591c4e5987bbdaf8c42d2734a74f2ed2762a019b540ce42216 2594748 opensc-pkcs11-dbgsym_0.23.0-0.3+deb12u2_arm64.deb cc7a4926469317f16f3fe05c547ea65405cc63ad10a3f6d866140c545555405a 798220 opensc-pkcs11_0.23.0-0.3+deb12u2_arm64.deb 793a1c64761d5385ead4ff6696df3192b3861015446040a4ccc97adddbda167f 8369 opensc_0.23.0-0.3+deb12u2_arm64-buildd.buildinfo c823cff91b7e9c6bf883daf5a5438ff7c13ed172a9443e4b1bb9617ba2c17087 359900 opensc_0.23.0-0.3+deb12u2_arm64.deb Files: 9f67bdf1751ab3be2d33cba8594b7b2c 996408 debug optional opensc-dbgsym_0.23.0-0.3+deb12u2_arm64.deb 482675b8b0f7ce3190f9d23e8aa346cd 2594748 debug optional opensc-pkcs11-dbgsym_0.23.0-0.3+deb12u2_arm64.deb 56d118683ea516a63144daad9386bc04 798220 utils optional opensc-pkcs11_0.23.0-0.3+deb12u2_arm64.deb 0894764422a6c2055e91c3867c719ed3 8369 utils optional opensc_0.23.0-0.3+deb12u2_arm64-buildd.buildinfo 6a5dd3de37ff15efd9e0526691728eda 359900 utils optional opensc_0.23.0-0.3+deb12u2_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEvEwFZ4bqkVI+Rh6t+N4VxR6LZYEFAmd5SrwACgkQ+N4VxR6L ZYERFw//ZuE6tNysxcKeyH/6N1mWznuNuriqTZwOj888/ykqZ2/+yiHzdBGz8drI CdqmYkT2w+LD0oO99we7k94GkdEjstrkA0jEbeXv48nuLK2n9HX1iZvaGbo0yELS teyjYO3u9R4jpJfUFPCJwmf0Yn3/HH2IVEOyXdtmGc8qngd2gsVwsoLlRX6jaKEw fbR9ozffjVwxjdGHswsK6aasbp/8qRmzbhejTGJo5x3BWji6pxo2LxgotAaoHpQR 7lGYIhyNYPouuc9i+egA9iCwfDHk3ATfbP2vojWJVZDmIE9ZVS8zFWxDsuuA0y+h ka2JqWIqzZh4DdCzlYAZcCv4CxpPlDOxGnXK5jw4l8ogEj7ah4bMClfXKrg/eh8Z jELhHJLxo+PgjETG9bhANpNbRX2bsQ1lOIhZJpMyR8tvTEH9PgXTrMZ5bWLEufHV A80aMTKjL3P8S6xc3EuKqUJogRHfdruWGRImhj8bJ/FWdP1BtW6CbAcYNKiEYdS3 7tIvzZVAzNbP6JGxx7Sq3HRDmajK/NVDpp3owKOpV90o+EEcvk/mCzSFVCBAY4ft K6FdoyC3L9uKyH7XzpwLECVCi/Sqf9mC9Epo5l2DWdY6eeH+Kk/AmXqe5JN3FzqA GVbDfLrniIfz3e/WswIH+vMnurvPjaC6++AhOq/d++NdU6pOuUo= =t8UG -----END PGP SIGNATURE-----