Your message dated Sat, 22 Jan 2011 11:17:07 +0000
with message-id <[email protected]>
and subject line Bug#607780: fixed in ccid 1.3.11-2
has caused the Debian Bug report #607780,
regarding ccid: buffer overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
607780: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607780
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
package: ccid
version: 1.3.8-1
severity: serious
tags: security
An advisory has been issued for the pcsc-lite ccid driver:
http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-libccid-buffer-overflow_2010-12-13.pdf
I have checked that the vulnerable code is present in both lenny and
sid.
mike
--- End Message ---
--- Begin Message ---
Source: ccid
Source-Version: 1.3.11-2
We believe that the bug you reported is fixed in the latest version of
ccid, which is due to be installed in the Debian FTP archive:
ccid_1.3.11-2.diff.gz
to main/c/ccid/ccid_1.3.11-2.diff.gz
ccid_1.3.11-2.dsc
to main/c/ccid/ccid_1.3.11-2.dsc
libccid_1.3.11-2_amd64.deb
to main/c/ccid/libccid_1.3.11-2_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ludovic Rousseau <[email protected]> (supplier of updated ccid package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 22 Jan 2011 11:52:56 +0100
Source: ccid
Binary: libccid
Architecture: source amd64
Version: 1.3.11-2
Distribution: unstable
Urgency: high
Maintainer: Ludovic Rousseau <[email protected]>
Changed-By: Ludovic Rousseau <[email protected]>
Description:
libccid - PC/SC driver for USB CCID smart card readers
Closes: 607780
Changes:
ccid (1.3.11-2) unstable; urgency=high
.
* Fix CVE-2010-4530: Signedness error in ccid_serial.c
* Closes: #607780 "ccid: buffer overflow"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk06uOYACgkQP0qKj+B/HPkfQACgkJdY+mFYgs9e1YCRy2EC+gU1
iTkAnAhBkf5nSQgMKo9JyfeuNkJSDKv2
=jxJ/
-----END PGP SIGNATURE-----
--- End Message ---