[Bug 692483] Re: Buffer overflow
** Changed in: opensc (Debian) Status: Unknown => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 692483] Re: Buffer overflow
Thanks Jonathan! I caught the update today but missed the original bug. Sorry about that. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
For the record, this is CVE-2010-4523 and it's being tracked in Debian bug #607427 (#607732 was a duplicate) ** Bug watch added: Debian Bug tracker #607427 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607427 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2010-4523 ** Changed in: opensc (Debian) Remote watch: Debian Bug tracker #607732 => Debian Bug tracker #607427 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
** Branch linked: lp:ubuntu/maverick-security/opensc ** Branch linked: lp:ubuntu/karmic-security/opensc ** Branch linked: lp:ubuntu/lucid-security/opensc ** Branch linked: lp:ubuntu/hardy-security/opensc -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
This bug was fixed in the package opensc - 0.11.4-2ubuntu2.1 --- opensc (0.11.4-2ubuntu2.1) hardy-security; urgency=low * SECURITY UPDATE: specially crafted cards may be able to execute code. - Move MIN and MAX macros from muscle.c to internal.h - https://www.opensc-project.org/opensc/changeset/4912 - Fix potential buffer overflow by rogue cards. (LP: #692483) - update card-acos5.c, card-atrust-acos.c and card-starcos.c to use MIN macros to protect against buffer overflow - https://www.opensc-project.org/opensc/changeset/4913 -- Torsten Spindler (Canonical)Tue, 21 Dec 2010 16:34:32 +0100 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
This bug was fixed in the package opensc - 0.11.8-1ubuntu2.1 --- opensc (0.11.8-1ubuntu2.1) karmic-security; urgency=low * SECURITY UPDATE: specially crafted cards may be able to execute code. - debian/patches/min-max.patch: Add MIN and MAX macros for last patch - debian/patches/buffer-overflow.patch: Fix potential buffer overflow by rogue cards. (LP: #692483) -- Torsten Spindler (Canonical)Tue, 21 Dec 2010 16:12:30 +0100 ** Changed in: opensc (Ubuntu Hardy) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
This bug was fixed in the package opensc - 0.11.12-1ubuntu3.2 --- opensc (0.11.12-1ubuntu3.2) lucid-security; urgency=low * SECURITY UPDATE: specially crafted cards may be able to execute code. - debian/patches/min-max.patch: Add MIN and MAX macros for last patch - debian/patches/buffer-overflow.patch: Fix potential buffer overflow by rogue cards. (LP: #692483) -- Torsten Spindler (Canonical)Mon, 20 Dec 2010 11:00:40 +0100 ** Changed in: opensc (Ubuntu Karmic) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
This bug was fixed in the package opensc - 0.11.13-1ubuntu2.1 --- opensc (0.11.13-1ubuntu2.1) maverick-security; urgency=low * SECURITY UPDATE: specially crafted cards may be able to execute code. - debian/patches/min-max.patch: Add MIN and MAX macros for last patch - debian/patches/buffer-overflow.patch: Fix potential buffer overflow by rogue cards. (LP: #692483) -- Torsten Spindler (Canonical)Mon, 20 Dec 2010 13:51:01 +0100 ** Changed in: opensc (Ubuntu Maverick) Status: Fix Committed => Fix Released ** Changed in: opensc (Ubuntu Lucid) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
Karmic also had the wrong version. In the future, please review https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging to make sure the debdiff is correct. Thanks again. :) ** Changed in: opensc (Ubuntu Hardy) Status: Confirmed => Fix Committed ** Changed in: opensc (Ubuntu Karmic) Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
We can use even short URLs in DEP3: instead https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483 I really preffer https://launchpad.net/bugs/692483 Regards and thanks for patch. MOTU SWAT -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
Karmic also had the wrong version. In the future, please review https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging to make sure the debdiff is correct. Thanks again. :) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
** Also affects: opensc (Ubuntu Hardy) Importance: Undecided Status: New ** Also affects: opensc (Ubuntu Karmic) Importance: Undecided Status: New ** Changed in: opensc (Ubuntu Hardy) Status: New => Confirmed ** Changed in: opensc (Ubuntu Hardy) Importance: Undecided => Low ** Changed in: opensc (Ubuntu Karmic) Status: New => Confirmed ** Changed in: opensc (Ubuntu Karmic) Importance: Undecided => Low -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
Also, the hardy debdiff has 'jaunty' instead of 'hardy-security' and uses the wrong version for hardy. It should be 0.11.4-2ubuntu2.1. I'll fix these up in the interest of time. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
Torsten, thanks for the patches for the older releases. The karmic debdiff only has template text for the DEP-3 comments, and the hardy debdiff should have the DEP-3 info in the debian/changelog since there isn't a patch system. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
** Patch added: "opensc-hardy.debdiff" https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1772708/+files/opensc-hardy.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
** Patch added: "opensc-karmic.debdiff" https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1772657/+files/opensc-karmic.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
** Branch linked: lp:ubuntu/opensc -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
Used submittodebian to open http://bugs.debian.org/cgi- bin/bugreport.cgi?bug=607732. ** Bug watch added: Debian Bug tracker #607732 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607732 ** Also affects: opensc (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607732 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
Thanks for your patches! These look great and I have uploaded them to the security PPA. When they finish building, I will push them to the archive. Minor nit: with DEP-3 quilt patches you don't need the DEP-3 comments commented out with '##'. Eg, the following is preferred: Description: Fix buffer overflow Origin: upstream, https://www.opensc-project.org/opensc/changeset/4913 Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
ACK ** Changed in: opensc (Ubuntu Lucid) Status: Confirmed => Fix Committed ** Changed in: opensc (Ubuntu Maverick) Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
This bug was fixed in the package opensc - 0.11.13-1ubuntu4 --- opensc (0.11.13-1ubuntu4) natty; urgency=low * SECURITY UPDATE: specially crafted cards may be able to execute code. - debian/patches/min-max.patch: Add MIN and MAX macros for last patch - debian/patches/buffer-overflow.patch: Fix potential buffer overflow by rogue cards. (LP: #692483) -- Torsten Spindler (Canonical)Tue, 21 Dec 2010 09:50:33 +0100 ** Changed in: opensc (Ubuntu Natty) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
** Also affects: opensc (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: opensc (Ubuntu Maverick) Importance: Undecided Status: New ** Also affects: opensc (Ubuntu Natty) Importance: Undecided Status: New ** Changed in: opensc (Ubuntu Lucid) Status: New => Confirmed ** Changed in: opensc (Ubuntu Lucid) Importance: Undecided => Low ** Changed in: opensc (Ubuntu Maverick) Status: New => Confirmed ** Changed in: opensc (Ubuntu Maverick) Importance: Undecided => Low ** Changed in: opensc (Ubuntu Natty) Status: New => Confirmed ** Changed in: opensc (Ubuntu Natty) Importance: Undecided => Low -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
** This bug has been flagged as a security vulnerability -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
** Patch added: "opensc-natty.debdiff" https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1772306/+files/opensc-natty.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
** Patch removed: "opensc-natty.debdiff" https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771418/+files/opensc-natty.debdiff ** Patch removed: "opensc-lucid.debdiff" https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771517/+files/opensc-lucid.debdiff ** Patch added: "opensc-lucid.debdiff" https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1772305/+files/opensc-lucid.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
FWIW, I think the compiler flags[1] will reduce this vulnerability from being exploitable to only being a denial of service, but additional study would be needed. [1] https://wiki.ubuntu.com/CompilerFlags -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
** Patch added: "opensc-maverick.debdiff" https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771518/+files/opensc-maverick.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
** Patch removed: "opensc-lucid.debdiff" https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771515/+files/opensc-lucid.debdiff ** Patch removed: "opensc-maverick.debdiff" https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771516/+files/opensc-maverick.debdiff ** Patch added: "opensc-lucid.debdiff" https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771517/+files/opensc-lucid.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
** Patch added: "opensc-maverick.debdiff" https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771516/+files/opensc-maverick.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
** Patch removed: "opensc-lucid.debdiff" https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771441/+files/opensc-lucid.debdiff ** Patch removed: "opensc-maverick.debdiff" https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771455/+files/opensc-maverick.debdiff ** Patch added: "opensc-lucid.debdiff" https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771515/+files/opensc-lucid.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
** Patch removed: "opensc-maverick.debdiff" https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771417/+files/opensc-maverick.debdiff ** Patch added: "opensc-maverick.debdiff" https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771455/+files/opensc-maverick.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
** Patch removed: "opensc-lucid.debdiff" https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771416/+files/opensc-lucid.debdiff ** Patch added: "opensc-lucid.debdiff" https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771441/+files/opensc-lucid.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
** Patch added: "opensc-natty.debdiff" https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771418/+files/opensc-natty.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
** Patch added: "opensc-maverick.debdiff" https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771417/+files/opensc-maverick.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
** Patch removed: "opensc-natty.debdiff" https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771322/+files/opensc-natty.debdiff ** Patch removed: "opensc-lucid.debdiff" https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771323/+files/opensc-lucid.debdiff ** Patch removed: "opensc-maverick.debdiff" https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771335/+files/opensc-maverick.debdiff ** Patch added: "opensc-lucid.debdiff" https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771416/+files/opensc-lucid.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
** Description changed: Binary package hint: opensc A potential security problem exists at least in Ubuntu 10.04 LTS and was fixed upstream in https://www.opensc-project.org/opensc/changeset/4913 . + + Testing: the package was tested on Lucid, no regression was obvious. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
** Patch added: "opensc-maverick.debdiff" https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771335/+files/opensc-maverick.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
** Patch added: "opensc-lucid.debdiff" https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771323/+files/opensc-lucid.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
** Patch added: "opensc-natty.debdiff" https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771322/+files/opensc-natty.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
I've built a patched package for testing in https://launchpad.net/~tspindler/+archive/opensc-lvm A first test of the patched package on a smartcard enabled system was successful. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
** Patch added: "buffer-overflow.patch" https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771278/+files/buffer-overflow.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 692483] Re: Buffer overflow
The problem seems to be also in the git repo from upstream Debian, git://git.debian.org/git/pkg-opensc/opensc.git . The attached patches are taken from opensc upstream (https://www.opensc- project.org/opensc/changeset/4912 and https://www.opensc- project.org/opensc/changeset/4913). ** Patch added: "min-max.patch" https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771277/+files/min-max.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/692483 Title: Buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
