Minor security issues, CVE-2018-{16391-16393,16418-16427}

Debian Bug report logs - #909444

Reported by: Eric Dorland <eric@debian.org>

Date: Sun, 23 Sep 2018 18:21:01 UTC

Severity: important

Tags: security

Found in version opensc/0.16.0-3

Fixed in versions opensc/0.19.0~rc1-1, opensc/0.19.0-1, opensc/0.16.0-3+deb9u1

Done: Eric Dorland <eric@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian OpenSC Maintainers <pkg-opensc-maint@lists.alioth.debian.org>:
Bug#909444; Package opensc. (Sun, 23 Sep 2018 18:21:04 GMT).


Acknowledgement sent to Eric Dorland <eric@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian OpenSC Maintainers <pkg-opensc-maint@lists.alioth.debian.org>. (Sun, 23 Sep 2018 18:21:04 GMT).


Message #5 received at submit@bugs.debian.org:

From: Eric Dorland <eric@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Minor security issues, CVE-2018-{16391-16393,16418-16427}
Date: Sun, 23 Sep 2018 14:08:22 -0400
Package: opensc
Version: 0.16.0-3
Severity: important
Tags: security

https://security-tracker.debian.org/tracker/source-package/opensc has the complete list.


-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.5.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages opensc depends on:
ii  libc6          2.27-5
ii  libglib2.0-0   2.56.1-2
ii  libreadline7   7.0-5
ii  libssl1.1      1.1.1~~pre9-1
ii  opensc-pkcs11  0.18.0-3
ii  zlib1g         1:1.2.11.dfsg-1

Versions of packages opensc recommends:
ii  pcscd  1.8.23-3

opensc suggests no packages.

-- no debconf information



Marked as fixed in versions opensc/0.19.0~rc1-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 23 Sep 2018 18:33:04 GMT).


Reply sent to Eric Dorland <eric@debian.org>:
You have taken responsibility. (Sun, 30 Sep 2018 22:18:06 GMT).


Notification sent to Eric Dorland <eric@debian.org>:
Bug acknowledged by developer. (Sun, 30 Sep 2018 22:18:06 GMT).


Message #12 received at 909444-close@bugs.debian.org:

From: Eric Dorland <eric@debian.org>
To: 909444-close@bugs.debian.org
Subject: Bug#909444: fixed in opensc 0.19.0-1
Date: Sun, 30 Sep 2018 22:15:22 +0000
Source: opensc
Source-Version: 0.19.0-1

We believe that the bug you reported is fixed in the latest version of
opensc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 909444@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Eric Dorland <eric@debian.org> (supplier of updated opensc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 30 Sep 2018 16:26:03 -0400
Source: opensc
Binary: opensc opensc-pkcs11
Architecture: source
Version: 0.19.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSC Maintainers <pkg-opensc-maint@lists.alioth.debian.org>
Changed-By: Eric Dorland <eric@debian.org>
Description:
 opensc     - Smart card utilities with support for PKCS#15 compatible cards
 opensc-pkcs11 - Smart card utilities with support for PKCS#15 compatible cards
Closes: 908363 909444
Changes:
 opensc (0.19.0-1) unstable; urgency=medium
 .
   * New upstream release (Closes: 908363, 909444)
   * Fix linebreak in watch file

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----




Reply sent to Eric Dorland <eric@debian.org>:
You have taken responsibility. (Thu, 04 Oct 2018 19:18:17 GMT).


Notification sent to Eric Dorland <eric@debian.org>:
Bug acknowledged by developer. (Thu, 04 Oct 2018 19:18:17 GMT).


Message #17 received at 909444-close@bugs.debian.org:

From: Eric Dorland <eric@debian.org>
To: 909444-close@bugs.debian.org
Subject: Bug#909444: fixed in opensc 0.16.0-3+deb9u1
Date: Thu, 04 Oct 2018 19:17:08 +0000
Source: opensc
Source-Version: 0.16.0-3+deb9u1

We believe that the bug you reported is fixed in the latest version of
opensc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 909444@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Eric Dorland <eric@debian.org> (supplier of updated opensc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 30 Sep 2018 15:30:15 -0400
Source: opensc
Binary: opensc opensc-pkcs11
Architecture: source
Version: 0.16.0-3+deb9u1
Distribution: stable
Urgency: medium
Maintainer: Debian OpenSC Maintainers <pkg-opensc-maint@lists.alioth.debian.org>
Changed-By: Eric Dorland <eric@debian.org>
Description:
 opensc     - Smart card utilities with support for PKCS#15 compatible cards
 opensc-pkcs11 - Smart card utilities with support for PKCS#15 compatible cards
Closes: 909444
Changes:
 opensc (0.16.0-3+deb9u1) stable; urgency=medium
 .
   * Backport patches from 0.19.0 to fix CVE-2018-16391, CVE-2018-16392,
     CVE-2018-16393, CVE-2018-16418, CVE-2018-16419, CVE-2018-16420,
     CVE-2018-16421, CVE-2018-16422, CVE-2018-16423, CVE-2018-16424,
     CVE-2018-16425, CVE-2018-16426, CVE-2018-16427. (Closes: 909444)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 02 Nov 2018 07:28:50 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:14:15 2019; Machine Name: buxtehude
