[pkg-opensc-maint] Bug#1055539: bookworm-pu: package opensc/0.23.0-0.3+deb12u1
Bastian Germann
bage at debian.org
Wed Nov 8 01:15:36 GMT 2023
Package: release.debian.org
Control: affects -1 + src:opensc
X-Debbugs-Cc: opensc at packages.debian.org
User: release.debian.org at packages.debian.org
Usertags: pu
Tags: bookworm
Severity: normal
[ Reason ]
opensc in bookworm is vulnerable for CVE-2023-4535, CVE-2023-40660, CVE-2023-40661.
[ Impact ]
User can be attacked via the CVE vectors.
[ Tests ]
No automated tests. I have not exploited the CVEs.
[ Risks ]
I have left out two patches of CVE-2023-40661 because they change code that is not yet available in
the bookworm release. There might be side effects of not applying them
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
More information about the pkg-opensc-maint
mailing list