** Changed in: opensc (Debian)
Status: Unknown => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/692483
Title:
Buffer overflow
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubun
Thanks Jonathan! I caught the update today but missed the original bug.
Sorry about that.
--
For the record, this is CVE-2010-4523 and it's being tracked in Debian
bug #607427 (#607732 was a duplicate)
** Bug watch added: Debian Bug tracker #607427
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607427
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-4523
** Cha
** Branch linked: lp:ubuntu/maverick-security/opensc
** Branch linked: lp:ubuntu/karmic-security/opensc
** Branch linked: lp:ubuntu/lucid-security/opensc
** Branch linked: lp:ubuntu/hardy-security/opensc
--
This bug was fixed in the package opensc - 0.11.4-2ubuntu2.1
---
opensc (0.11.4-2ubuntu2.1) hardy-security; urgency=low
* SECURITY UPDATE: specially crafted cards may be able to execute code.
- Move MIN and MAX macros from muscle.c to internal.h
- https://www.opensc-project.
This bug was fixed in the package opensc - 0.11.8-1ubuntu2.1
---
opensc (0.11.8-1ubuntu2.1) karmic-security; urgency=low
* SECURITY UPDATE: specially crafted cards may be able to execute code.
- debian/patches/min-max.patch: Add MIN and MAX macros for last patch
- debian/pat
This bug was fixed in the package opensc - 0.11.12-1ubuntu3.2
---
opensc (0.11.12-1ubuntu3.2) lucid-security; urgency=low
* SECURITY UPDATE: specially crafted cards may be able to execute code.
- debian/patches/min-max.patch: Add MIN and MAX macros for last patch
- debian/pa
This bug was fixed in the package opensc - 0.11.13-1ubuntu2.1
---
opensc (0.11.13-1ubuntu2.1) maverick-security; urgency=low
* SECURITY UPDATE: specially crafted cards may be able to execute code.
- debian/patches/min-max.patch: Add MIN and MAX macros for last patch
- debian
Karmic also had the wrong version. In the future, please review
https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging to make
sure the debdiff is correct. Thanks again. :)
** Changed in: opensc (Ubuntu Hardy)
Status: Confirmed => Fix Committed
** Changed in: opensc (Ubuntu Karmi
We can use even short URLs in DEP3:
instead https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483
I really prefer https://launchpad.net/bugs/692483
Regards and thanks for patch.
MOTU SWAT
--
** Also affects: opensc (Ubuntu Hardy)
Importance: Undecided
Status: New
** Also affects: opensc (Ubuntu Karmic)
Importance: Undecided
Status: New
** Changed in: opensc (Ubuntu Hardy)
Status: New => Confirmed
** Changed in: opensc (Ubuntu Hardy)
Importance: Undecide
Also, the hardy debdiff has 'jaunty' instead of 'hardy-security' and
uses the wrong version for hardy. It should be 0.11.4-2ubuntu2.1. I'll
fix these up in the interest of time.
--
Torsten, thanks for the patches for the older releases. The karmic
debdiff only has template text for the DEP-3 comments, and the hardy
debdiff should have the DEP-3 info in the debian/changelog since there
isn't a patch system.
--
** Patch added: "opensc-hardy.debdiff"
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1772708/+files/opensc-hardy.debdiff
--
** Patch added: "opensc-karmic.debdiff"
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1772657/+files/opensc-karmic.debdiff
--
** Branch linked: lp:ubuntu/opensc
--
Used submittodebian to open
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607732.
** Bug watch added: Debian Bug tracker #607732
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607732
** Also affects: opensc (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607732
Import
Thanks for your patches! These look great and I have uploaded them to
the security PPA. When they finish building, I will push them to the
archive.
Minor nit: with DEP-3 quilt patches you don't need the DEP-3 comments commented
out with '##'. Eg, the following is preferred:
Description: Fix buffe
ACK
** Changed in: opensc (Ubuntu Lucid)
Status: Confirmed => Fix Committed
** Changed in: opensc (Ubuntu Maverick)
Status: Confirmed => Fix Committed
--
This bug was fixed in the package opensc - 0.11.13-1ubuntu4
---
opensc (0.11.13-1ubuntu4) natty; urgency=low
* SECURITY UPDATE: specially crafted cards may be able to execute code.
- debian/patches/min-max.patch: Add MIN and MAX macros for last patch
- debian/patches/buffer-
** Also affects: opensc (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: opensc (Ubuntu Maverick)
Importance: Undecided
Status: New
** Also affects: opensc (Ubuntu Natty)
Importance: Undecided
Status: New
** Changed in: opensc (Ubuntu Lucid)
** This bug has been flagged as a security vulnerability
--
** Patch added: "opensc-natty.debdiff"
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1772306/+files/opensc-natty.debdiff
--
** Patch removed: "opensc-natty.debdiff"
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771418/+files/opensc-natty.debdiff
** Patch removed: "opensc-lucid.debdiff"
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771517/+files/opensc-luc
FWIW, I think the compiler flags[1] will reduce this vulnerability from
being exploitable to only being a denial of service, but additional
study would be needed.
[1] https://wiki.ubuntu.com/CompilerFlags
--
** Tags added: patch
--
** Patch added: "opensc-maverick.debdiff"
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771518/+files/opensc-maverick.debdiff
--
** Patch removed: "opensc-lucid.debdiff"
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771515/+files/opensc-lucid.debdiff
** Patch removed: "opensc-maverick.debdiff"
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771516/+files/opensc-
** Patch added: "opensc-maverick.debdiff"
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771516/+files/opensc-maverick.debdiff
--
** Patch removed: "opensc-lucid.debdiff"
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771441/+files/opensc-lucid.debdiff
** Patch removed: "opensc-maverick.debdiff"
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771455/+files/opensc-
** Patch removed: "opensc-maverick.debdiff"
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771417/+files/opensc-maverick.debdiff
** Patch added: "opensc-maverick.debdiff"
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771455/+files/ope
** Patch removed: "opensc-lucid.debdiff"
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771416/+files/opensc-lucid.debdiff
** Patch added: "opensc-lucid.debdiff"
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771441/+files/opensc-lucid
** Patch added: "opensc-natty.debdiff"
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771418/+files/opensc-natty.debdiff
--
** Patch added: "opensc-maverick.debdiff"
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771417/+files/opensc-maverick.debdiff
--
** Patch removed: "opensc-natty.debdiff"
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771322/+files/opensc-natty.debdiff
** Patch removed: "opensc-lucid.debdiff"
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771323/+files/opensc-luc
** Description changed:
Binary package hint: opensc
A potential security problem exists at least in Ubuntu 10.04 LTS and was
fixed upstream in https://www.opensc-project.org/opensc/changeset/4913 .
+
+ Testing: the package was tested on Lucid, no regression was obvious.
--
** Patch added: "opensc-maverick.debdiff"
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771335/+files/opensc-maverick.debdiff
--
** Patch added: "opensc-lucid.debdiff"
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771323/+files/opensc-lucid.debdiff
--
** Patch added: "opensc-natty.debdiff"
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771322/+files/opensc-natty.debdiff
--
I've built a patched package for testing in
https://launchpad.net/~tspindler/+archive/opensc-lvm
A first test of the patched package on a smartcard enabled system was
successful.
--
** Patch added: "buffer-overflow.patch"
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771278/+files/buffer-overflow.patch
--
The problem seems to be also in the git repo from upstream Debian,
git://git.debian.org/git/pkg-opensc/opensc.git . The attached patches
are taken from opensc upstream
(https://www.opensc-project.org/opensc/changeset/4912 and
https://www.opensc-project.org/opensc/changeset/4913).
** Patch added: