Package: libengine-pkcs11-openssl
Version: 0.1.8-5
Severity: grave
Tags: security
Justification: user security hole

Dear Maintainer,

Functions in src/engine_pkcs11.c that set static global data (set_module, set_pin, get_pin and set_init_args) do not free the memory pointed to by the corresponding pointers before assigning newly allocated memory to them, which may cause memory leaks if they are called more than once. The bugs related to set_module, set_pin and get_pin are fixed upstream, but the one in set_init_args is not.

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (900, 'testing'), (500, 'testing-proposed-updates'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=zh_CN.UTF-8, LC_CTYPE=zh_CN.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libengine-pkcs11-openssl depends on:
ii  libc6        2.19-22
ii  libp11-2     0.2.8-6
ii  libssl1.0.0  1.0.2d-1

libengine-pkcs11-openssl recommends no packages.

libengine-pkcs11-openssl suggests no packages.

-- no debconf information
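
The pattern described in the report, as an added illustration that is not part of the original report and is not the code from engine_pkcs11.c: a setter for a static global pointer that overwrites the old buffer, beside one that frees it first, with a counter that makes the leak measurable. The helper names (dup_tracked, free_tracked, leaked_after), the _leaky/_fixed suffixes and the sample string are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static char *init_args;   /* constructed stand-in for the engine's static global */
static long live_allocs;  /* buffers allocated by dup_tracked and not yet freed */

static char *dup_tracked(const char *s)
{
	size_t n = strlen(s) + 1;
	char *p = malloc(n);
	if (p) { memcpy(p, s, n); live_allocs++; }
	return p;
}
static void free_tracked(char *p) { if (p) { free(p); live_allocs--; } }

/* Pattern from the report: the previous buffer is overwritten, never freed. */
static int set_init_args_leaky(const char *args)
{
	init_args = args ? dup_tracked(args) : NULL;
	return 1;
}

/* Fixed: duplicate first, then release the previous value. */
static int set_init_args_fixed(const char *args)
{
	char *copy = NULL;
	if (args && !(copy = dup_tracked(args)))
		return 0;  /* allocation failed: keep the old value */
	free_tracked(init_args);
	init_args = copy;
	return 1;
}

/* Call a setter n times, then clear it; return buffers still outstanding. */
static long leaked_after(int (*setter)(const char *), int n)
{
	long before = live_allocs;
	for (int i = 0; i < n; i++)
		setter("constructed-init-args");
	setter(NULL);
	return live_allocs - before;
}

int main(void)
{
	printf("leaky: %ld\n", leaked_after(set_init_args_leaky, 5));
	printf("fixed: %ld\n", leaked_after(set_init_args_fixed, 5));
	return 0;
}
```

Each repeated call to the leaky setter strands one buffer, so a long-running process that reconfigures the engine grows without bound; the fixed setter holds at most one buffer at a time.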