[pkg-opensc-maint] sid and bookworm-pu OpenSC NMU to fix open no-dsa vulnerabilities
Guilhem Moulin
guilhem at debian.org
Mon Dec 23 02:10:01 GMT 2024
[Sorry for the duplicate Eric; resending with compressed patch-applied
debdiffs to avoid hitting the message limit on the list.]
Hi there,
While working on an upload for Bullseye LTS I noticed the versions
currently found in Bookworm and Sid are vulnerable to no-dsa security
issues [0].
The upstream patches are many but trivially apply to 0.25.1-2 and
0.23.0-0.3+deb12u1. I attach tested debdiffs; individual commits and
tag can be found on the LTS team fork [1,2].
Unless you object I'll upload a deferred NMU for sid with these changes,
and later file a bookworm-pu bug (aiming at 12.9 which is currently
scheduled on Jan 11th with a 1w freeze before that).
Cheers
--
Guilhem.
[0] https://security-tracker.debian.org/tracker/source-package/opensc
[1] https://salsa.debian.org/lts-team/packages/opensc/-/tree/debian/latest?ref_type=heads
[2] https://salsa.debian.org/lts-team/packages/opensc/-/tree/debian/bookworm?ref_type=heads
-------------- next part --------------
A non-text attachment was scrubbed...
Name: opensc_0.25.1-2.1.debdiff.xz
Type: application/x-xz
Size: 7552 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-opensc-maint/attachments/20241223/d45ff281/attachment-0002.xz>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: opensc_0.23.0-0.3+deb12u2.debdiff.xz
Type: application/x-xz
Size: 14748 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-opensc-maint/attachments/20241223/d45ff281/attachment-0003.xz>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-opensc-maint/attachments/20241223/d45ff281/attachment-0001.sig>
More information about the pkg-opensc-maint
mailing list