[Git][security-tracker-team/security-tracker][master] Add four new opensc issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 31 06:56:22 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cb5ad6c7 by Salvatore Bonaccorso at 2026-03-31T07:55:42+02:00
Add four new opensc issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -136,13 +136,27 @@ CVE-2026-25704 (A Privilege Dropping / Lowering Errors/Time-of-check Time-of-use
CVE-2026-1612 (AL-KO Robolinho Update Software has hard-coded AWS Access and Secret k ...)
NOT-FOR-US: AL-KO Robolinho Update Software
CVE-2025-66215 (OpenSC is an open source smart card tools and middleware. Prior to ver ...)
- TODO: check
+ - opensc 0.27.0~rc1-1
+ NOTE: https://github.com/OpenSC/OpenSC/security/advisories/GHSA-q5fc-cw56-hwp2
+ NOTE: https://github.com/OpenSC/OpenSC/pull/3436
+ NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66215
+ NOTE: Fixed by: https://github.com/OpenSC/OpenSC/commit/a4bbf8a631537a4c0083b264095ed1cd36d307ab (0.27.0-rc1)
+ NOTE: Fixed by: https://github.com/OpenSC/OpenSC/commit/56bc5e9575965461d99a274be45d71c18ab6eae0 (0.27.0-rc1)
CVE-2025-66038 (OpenSC is an open source smart card tools and middleware. Prior to ver ...)
- TODO: check
+ - opensc 0.27.0~rc1-1
+ NOTE: https://github.com/OpenSC/OpenSC/security/advisories/GHSA-72x5-fwjx-2459
+ NOTE: Fixed by: https://github.com/OpenSC/OpenSC/commit/6db171bcb6fd7cb3b51098fefbb3b28e44f0a79c (0.27.0-rc1)
+ NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66038
CVE-2025-66037 (OpenSC is an open source smart card tools and middleware. Prior to ver ...)
- TODO: check
+ - opensc <unfixed>
+ NOTE: https://github.com/OpenSC/OpenSC/security/advisories/GHSA-m58q-rmjm-mmfx
+ NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66037
+ NOTE: Fixed by: https://github.com/OpenSC/OpenSC/commit/65fc211015cfcac27b10d0876054156c97225f50 (0.27.0)
CVE-2025-49010 (OpenSC is an open source smart card tools and middleware. Prior to ver ...)
- TODO: check
+ - opensc 0.27.0~rc1-1
+ NOTE: https://github.com/OpenSC/OpenSC/security/advisories/GHSA-q5cf-5wmx-9wh4
+ NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2025-49010
+ NOTE: Fixed by: https://github.com/OpenSC/OpenSC/commit/953986f65db61871bbbff72788d861d67d5140c6 (0.27.0-rc1)
CVE-2025-3716 (User enumeration in ESET Protect (on-prem) viaResponse Timing.)
NOT-FOR-US: ESET
CVE-2025-15379 (A command injection vulnerability exists in MLflow's model serving con ...)
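Review bot: The CVE-2025-66037 entry is set to `- opensc <unfixed>` while its Fixed by line is tagged (0.27.0) rather than (0.27.0-rc1) like the other three entries, so the reason for the different status is only implicit. If the fixing commit is indeed absent from 0.27.0~rc1-1, a short NOTE saying so would tell whoever updates the entry later which upload to check. Separately, in CVE-2025-66038 the wiki NOTE follows the Fixed by line, whereas CVE-2025-66037 and CVE-2025-49010 place it before; using one order across the four entries would make them easier to scan.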
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb5ad6c76b29c4f09d0e9e94cbb74b41d42be414