Your message dated Thu, 03 Feb 2011 01:55:52 +0000
with message-id <[email protected]>
and subject line Bug#607781: fixed in pcsc-lite 1.4.102-1+lenny4
has caused the Debian Bug report #607781,
regarding pcsc-lite: buffer overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
607781: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607781
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
package: pcsc-lite
version: 1.4.102-1+lenny3
severity: serious
tags: security
an advisory has been issued for pcsc-lite:
http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-atr-handler-buffer-overflow_2010-12-13.pdf
i have checked that the vulnerable code is present in both lenny and
sid.
mike
--- End Message ---
--- Begin Message ---
Source: pcsc-lite
Source-Version: 1.4.102-1+lenny4
We believe that the bug you reported is fixed in the latest version of
pcsc-lite, which is due to be installed in the Debian FTP archive:
libpcsclite-dev_1.4.102-1+lenny4_i386.deb
to main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny4_i386.deb
libpcsclite1_1.4.102-1+lenny4_i386.deb
to main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny4_i386.deb
pcsc-lite_1.4.102-1+lenny4.diff.gz
to main/p/pcsc-lite/pcsc-lite_1.4.102-1+lenny4.diff.gz
pcsc-lite_1.4.102-1+lenny4.dsc
to main/p/pcsc-lite/pcsc-lite_1.4.102-1+lenny4.dsc
pcscd_1.4.102-1+lenny4_i386.deb
to main/p/pcsc-lite/pcscd_1.4.102-1+lenny4_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Steve Kemp <[email protected]> (supplier of updated pcsc-lite package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 22 Jan 2011 17:18:19 +0000
Source: pcsc-lite
Binary: pcscd libpcsclite-dev libpcsclite1
Architecture: source i386
Version: 1.4.102-1+lenny4
Distribution: stable-security
Urgency: high
Maintainer: Ludovic Rousseau <[email protected]>
Changed-By: Steve Kemp <[email protected]>
Description:
libpcsclite-dev - Middleware to access a smart card using PC/SC (development files)
libpcsclite1 - Middleware to access a smart card using PC/SC (library)
pcscd - Middleware to access a smart card using PC/SC (daemon side)
Closes: 607781
Changes:
pcsc-lite (1.4.102-1+lenny4) stable-security; urgency=high
.
* Fix CVE-2010-4531: buffer overflow in the ATRDecodeAtr
function in the Answer-to-Reset (ATR) Handler (atrhandler.c)
* Closes: #607781 "pcsc-lite: buffer overflow"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk07GksACgkQwM/Gs81MDZ333gCaAltAU0p8Dn/CJ+8Sf8PFMCO0
3ZoAn1NAgR1jWB8tYo3QOCWb6T80QEvx
=NoA5
-----END PGP SIGNATURE-----
--- End Message ---