** Changed in: opensc (Debian)
Status: Unknown => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/692483
Title:
Buffer overflow
--
ubuntu-bugs mailing list
For the record, this is CVE-2010-4523 and it's being tracked in Debian
bug #607427 (#607732 was a duplicate)
** Bug watch added: Debian Bug tracker #607427
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607427
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-4523
**
Thanks Jonathan! I caught the update today but missed the original bug.
Sorry about that.
--
** Patch removed: opensc-natty.debdiff
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771418/+files/opensc-natty.debdiff
** Patch removed: opensc-lucid.debdiff
** Patch added: opensc-natty.debdiff
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1772306/+files/opensc-natty.debdiff
--
** This bug has been flagged as a security vulnerability
--
** Also affects: opensc (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: opensc (Ubuntu Maverick)
Importance: Undecided
Status: New
** Also affects: opensc (Ubuntu Natty)
Importance: Undecided
Status: New
** Changed in: opensc (Ubuntu Lucid)
This bug was fixed in the package opensc - 0.11.13-1ubuntu4
---
opensc (0.11.13-1ubuntu4) natty; urgency=low
* SECURITY UPDATE: specially crafted cards may be able to execute code.
- debian/patches/min-max.patch: Add MIN and MAX macros for last patch
-
ACK
** Changed in: opensc (Ubuntu Lucid)
Status: Confirmed => Fix Committed
** Changed in: opensc (Ubuntu Maverick)
Status: Confirmed => Fix Committed
--
Thanks for your patches! These look great and I have uploaded them to
the security PPA. When they finish building, I will push them to the
archive.
Minor nit: with DEP-3 quilt patches you don't need the DEP-3 comments commented
out with '##'. E.g., the following is preferred:
Description: Fix
Used submittodebian to open
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607732.
** Bug watch added: Debian Bug tracker #607732
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607732
** Also affects: opensc (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607732
** Branch linked: lp:ubuntu/opensc
--
** Patch added: opensc-karmic.debdiff
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1772657/+files/opensc-karmic.debdiff
--
** Patch added: opensc-hardy.debdiff
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1772708/+files/opensc-hardy.debdiff
--
Torsten, thanks for the patches for the older releases. The karmic
debdiff only has template text for the DEP-3 comments, and the hardy
debdiff should have the DEP-3 info in the debian/changelog since there
isn't a patch system.
--
Also, the hardy debdiff has 'jaunty' instead of 'hardy-security' and
uses the wrong version for hardy. It should be 0.11.4-2ubuntu2.1. I'll
fix these up in the interest of time.
--
** Also affects: opensc (Ubuntu Hardy)
Importance: Undecided
Status: New
** Also affects: opensc (Ubuntu Karmic)
Importance: Undecided
Status: New
** Changed in: opensc (Ubuntu Hardy)
Status: New => Confirmed
** Changed in: opensc (Ubuntu Hardy)
Importance:
Karmic also had the wrong version. In the future, please review
https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging to make
sure the debdiff is correct. Thanks again. :)
--
We can even use short URLs in DEP3:
instead of https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483
I really prefer https://launchpad.net/bugs/692483
Regards and thanks for the patch.
MOTU SWAT
--
** Changed in: opensc (Ubuntu Hardy)
Status: Confirmed => Fix Committed
** Changed in: opensc (Ubuntu
This bug was fixed in the package opensc - 0.11.13-1ubuntu2.1
---
opensc (0.11.13-1ubuntu2.1) maverick-security; urgency=low
* SECURITY UPDATE: specially crafted cards may be able to execute code.
- debian/patches/min-max.patch: Add MIN and MAX macros for last patch
-
This bug was fixed in the package opensc - 0.11.12-1ubuntu3.2
---
opensc (0.11.12-1ubuntu3.2) lucid-security; urgency=low
* SECURITY UPDATE: specially crafted cards may be able to execute code.
- debian/patches/min-max.patch: Add MIN and MAX macros for last patch
-
This bug was fixed in the package opensc - 0.11.8-1ubuntu2.1
---
opensc (0.11.8-1ubuntu2.1) karmic-security; urgency=low
* SECURITY UPDATE: specially crafted cards may be able to execute code.
- debian/patches/min-max.patch: Add MIN and MAX macros for last patch
-
This bug was fixed in the package opensc - 0.11.4-2ubuntu2.1
---
opensc (0.11.4-2ubuntu2.1) hardy-security; urgency=low
* SECURITY UPDATE: specially crafted cards may be able to execute code.
- Move MIN and MAX macros from muscle.c to internal.h
-
** Branch linked: lp:ubuntu/maverick-security/opensc
** Branch linked: lp:ubuntu/karmic-security/opensc
** Branch linked: lp:ubuntu/lucid-security/opensc
** Branch linked: lp:ubuntu/hardy-security/opensc
--
The problem seems to be also in the git repo from upstream Debian,
git://git.debian.org/git/pkg-opensc/opensc.git . The attached patches
are taken from opensc upstream
(https://www.opensc-project.org/opensc/changeset/4912 and
https://www.opensc-project.org/opensc/changeset/4913).
** Patch
** Patch added: buffer-overflow.patch
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771278/+files/buffer-overflow.patch
--
I've built a patched package for testing in
https://launchpad.net/~tspindler/+archive/opensc-lvm
A first test of the patched package on a smartcard enabled system was
successful.
--
** Patch added: opensc-natty.debdiff
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771322/+files/opensc-natty.debdiff
--
** Patch added: opensc-lucid.debdiff
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771323/+files/opensc-lucid.debdiff
--
** Patch added: opensc-maverick.debdiff
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771335/+files/opensc-maverick.debdiff
--
** Description changed:
Binary package hint: opensc
A potential security problem exists at least in Ubuntu 10.04 LTS and was
fixed upstream in https://www.opensc-project.org/opensc/changeset/4913 .
+
+ Testing: the package was tested on Lucid, no regression was obvious.
--
** Patch removed: opensc-natty.debdiff
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771322/+files/opensc-natty.debdiff
** Patch removed: opensc-lucid.debdiff
** Patch added: opensc-maverick.debdiff
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771417/+files/opensc-maverick.debdiff
--
** Patch added: opensc-natty.debdiff
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771418/+files/opensc-natty.debdiff
--
** Patch removed: opensc-lucid.debdiff
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771416/+files/opensc-lucid.debdiff
** Patch added: opensc-lucid.debdiff
** Patch removed: opensc-maverick.debdiff
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771417/+files/opensc-maverick.debdiff
** Patch added: opensc-maverick.debdiff
** Patch removed: opensc-lucid.debdiff
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771441/+files/opensc-lucid.debdiff
** Patch removed: opensc-maverick.debdiff
** Patch added: opensc-maverick.debdiff
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771516/+files/opensc-maverick.debdiff
--
** Patch removed: opensc-lucid.debdiff
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771515/+files/opensc-lucid.debdiff
** Patch removed: opensc-maverick.debdiff
** Patch added: opensc-maverick.debdiff
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483/+attachment/1771518/+files/opensc-maverick.debdiff
--
** Tags added: patch
--
FWIW, I think the compiler flags[1] will reduce this vulnerability from
being exploitable to only being a denial of service, but additional
study would be needed.
[1] https://wiki.ubuntu.com/CompilerFlags