severity 607781 important
tags 607781 fixed-upstream
thank
Le 22/12/2010 00:10, Michael Gilbert a écrit :
package: pcsc-lite
version: 1.4.102-1+lenny3
severity: serious
tags: security
an advisory has been issued for pcsc-lite:
http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-atr-handler-buffer-overflow_2010-12-13.pdf
i have checked that the vulnerable code is present in both lenny and
sid.
The problem has been fixed upstream in version pcsc-lite 1.6.5.
pcsc-lite 1.6.6 is available in experimental ans will be uploaded to sid
after squeeze is out.
The attacker needs to have a physical access to the computer and a
specially crafter smart card. I don't plan to fix the problem in squeeze
(so lowering the severity).
Thanks
--
Ludovic
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
