[Git][security-tracker-team/security-tracker][master] Reserve DLA-2832-1 for opensc

Adrian Bunk (@bunk) bunk at debian.org
Mon Nov 29 09:06:21 GMT 2021



Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f18b16fc by Adrian Bunk at 2021-11-29T11:06:08+02:00
Reserve DLA-2832-1 for opensc

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -77971,19 +77971,16 @@ CVE-1999-0199 (manual/search.texi in the GNU C Library (aka glibc) before 2.2 la
 CVE-2020-26572 (The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a  ...)
 	- opensc 0.21.0-1 (bug #972035)
 	[buster] - opensc <no-dsa> (Minor issue)
-	[stretch] - opensc <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22967
 	NOTE: https://github.com/OpenSC/OpenSC/commit/9d294de90d1cc66956389856e60b6944b27b4817 (0.21.0-rc1)
 CVE-2020-26571 (The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 ...)
 	- opensc 0.21.0-1 (bug #972036)
 	[buster] - opensc <no-dsa> (Minor issue)
-	[stretch] - opensc <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20612
 	NOTE: https://github.com/OpenSC/OpenSC/commit/ed55fcd2996930bf58b9bb57e9ba7b1f3a753c43 (0.21.0-rc1)
 CVE-2020-26570 (The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 ha ...)
 	- opensc 0.21.0-1 (bug #972037)
 	[buster] - opensc <no-dsa> (Minor issue)
-	[stretch] - opensc <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24316
 	NOTE: https://github.com/OpenSC/OpenSC/commit/6903aebfddc466d966c7b865fae34572bf3ed23e (0.21.0-rc1)
 CVE-2020-26569 (In EVPN VxLAN setups in Arista EOS, specific malformed packets can lea ...)
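Review bot: in all three entries of this hunk (CVE-2020-26572, CVE-2020-26571, CVE-2020-26570) only the `[stretch]` line is dropped while `[buster] - opensc <no-dsa> (Minor issue)` stays as context, so the older release ends up fixed and the newer one is still marked unfixed for the same bugs. A stretch host upgraded to buster would move from a patched opensc to one that still carries these issues. Consider tracking a buster update for the upstream commits listed in the NOTE lines, or recording why buster stays at no-dsa.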
@@ -140781,7 +140778,6 @@ CVE-2019-19479 (An issue was discovered in OpenSC through 0.19.0 and 0.20.x thro
 	{DLA-2046-1}
 	- opensc 0.20.0-1 (bug #947383)
 	[buster] - opensc <no-dsa> (Minor issue)
-	[stretch] - opensc <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18693
 	NOTE: https://github.com/OpenSC/OpenSC/commit/c3f23b836e5a1766c36617fe1da30d22f7b63de2
 CVE-2019-19478
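Review bot: the `{DLA-2046-1}` line for CVE-2019-19479 is left unchanged, so after the `[stretch]` removal nothing in this entry points at DLA-2832-1. If the cross-reference is regenerated from data/DLA/list by tooling, that is fine. If not, the tag line should gain DLA-2832-1, otherwise the entry reads as if stretch had no recorded status.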
@@ -154308,13 +154304,11 @@ CVE-2019-15946 (OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1
 	{DLA-1916-1}
 	- opensc 0.20.0-1 (bug #939669)
 	[buster] - opensc <no-dsa> (Minor issue)
-	[stretch] - opensc <no-dsa> (Minor issue)
 	NOTE: https://github.com/OpenSC/OpenSC/commit/a3fc7693f3a035a8a7921cffb98432944bb42740
 CVE-2019-15945 (OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitst ...)
 	{DLA-1916-1}
 	- opensc 0.20.0-1 (bug #939668)
 	[buster] - opensc <no-dsa> (Minor issue)
-	[stretch] - opensc <no-dsa> (Minor issue)
 	NOTE: https://github.com/OpenSC/OpenSC/commit/412a6142c27a5973c61ba540e33cdc22d5608e68
 CVE-2019-15944 (In Counter-Strike: Global Offensive before 8/29/2019, community game s ...)
 	NOT-FOR-US: Counter-Strike: Global Offensive


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[29 Nov 2021] DLA-2832-1 opensc - security update
+	{CVE-2019-15945 CVE-2019-15946 CVE-2019-19479 CVE-2020-26570 CVE-2020-26571 CVE-2020-26572}
+	[stretch] - opensc 0.16.0-3+deb9u2
 [28 Nov 2021] DLA-2831-1 libntlm - security update
 	{CVE-2019-17455}
 	[stretch] - libntlm 1.4-8+deb9u1
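Review bot: the `{...}` line of the new DLA-2832-1 entry has to cover exactly the CVEs whose `[stretch]` lines were removed from data/CVE/list, since those entries no longer carry their own stretch status. The six IDs listed here do match the six removals. What remains to confirm before the advisory is published is that `0.16.0-3+deb9u2` is the version actually uploaded to stretch.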


=====================================
data/dla-needed.txt
=====================================
@@ -74,8 +74,6 @@ nvidia-graphics-drivers
   NOTE: 20211108: nvidia-graphics-drivers-legacy-390xx 390.144-1 in buster/bullseye/bookworm
   NOTE: 20211108: now fixes all 5 CVEs (bunk)
 --
-opensc (Adrian Bunk)
---
 pgbouncer (Thorsten Alteholz)
   NOTE: 20211128: also help with other releases
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f18b16fccc3b3116b9b1182abd1b29c979a2700f
