Hi Stef,

thanks for looking into this.

>          (so I propose to remove it -> OK???)

fine with me.

> - no reference to the user PIN is given with "pkcs15-init -X", which causes
>   sc_pkcs15_init_fixup_file() to set the corresponding ACs to NONE (!)
>   It looks rather nasty but I'm afraid of shaking it up so I just added
>   a reference to the first user PIN in case it's not set -> comments?

sorry, I don't know the code well enough.

can you check 0.9.6 and 0.10.1 as well, if they have this problem,
and if so can you create patch files?

and can you write a summary of the problems, i.e. who exactly is affected
and what an attacker could do?

shall we release updated versions or only the patch files?
we will need to contact all Linux distributions etc.
I know there is some common mailing list, but no idea where.

also we should get a CAN/CVE number and stuff like that.
no idea how to do all that, but I guess someone can help us.

Regards, Andreas
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
