summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAdrian Bunk <bunk@debian.org>2021-11-29 11:06:08 +0200
committerAdrian Bunk <bunk@debian.org>2021-11-29 11:06:08 +0200
commitd51ae257dfc92653b408d32f1f2e337a665b51b5 (patch)
tree1afb282f5d16163c5ade79bc4f4b909c9a797de2
parentbffa1509767d530e8eb6963b0e6ed1ccdfe66029 (diff)
Reserve DLA-2832-1 for opensc
Diffstat
-rw-r--r--data/CVE/list.20193
-rw-r--r--data/CVE/list.20203
-rw-r--r--data/DLA/list3
-rw-r--r--data/dla-needed.txt2
4 files changed, 3 insertions, 8 deletions
diff --git a/data/CVE/list.2019 b/data/CVE/list.2019
index 3353b738b3..fdd007e843 100644
--- a/data/CVE/list.2019
+++ b/data/CVE/list.2019
@@ -4212,7 +4212,6 @@ CVE-2019-19479 (An issue was discovered in OpenSC through 0.19.0 and 0.20.x thro
{DLA-2046-1}
- opensc 0.20.0-1 (bug #947383)
[buster] - opensc <no-dsa> (Minor issue)
- [stretch] - opensc <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18693
NOTE: https://github.com/OpenSC/OpenSC/commit/c3f23b836e5a1766c36617fe1da30d22f7b63de2
CVE-2019-19478
@@ -12913,13 +12912,11 @@ CVE-2019-15946 (OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1
{DLA-1916-1}
- opensc 0.20.0-1 (bug #939669)
[buster] - opensc <no-dsa> (Minor issue)
- [stretch] - opensc <no-dsa> (Minor issue)
NOTE: https://github.com/OpenSC/OpenSC/commit/a3fc7693f3a035a8a7921cffb98432944bb42740
CVE-2019-15945 (OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitst ...)
{DLA-1916-1}
- opensc 0.20.0-1 (bug #939668)
[buster] - opensc <no-dsa> (Minor issue)
- [stretch] - opensc <no-dsa> (Minor issue)
NOTE: https://github.com/OpenSC/OpenSC/commit/412a6142c27a5973c61ba540e33cdc22d5608e68
CVE-2019-15944 (In Counter-Strike: Global Offensive before 8/29/2019, community game s ...)
NOT-FOR-US: Counter-Strike: Global Offensive
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020
index 7da43405f5..141006bbc4 100644
--- a/data/CVE/list.2020
+++ b/data/CVE/list.2020
@@ -10906,19 +10906,16 @@ CVE-2020-26573
CVE-2020-26572 (The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a ...)
- opensc 0.21.0-1 (bug #972035)
[buster] - opensc <no-dsa> (Minor issue)
- [stretch] - opensc <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22967
NOTE: https://github.com/OpenSC/OpenSC/commit/9d294de90d1cc66956389856e60b6944b27b4817 (0.21.0-rc1)
CVE-2020-26571 (The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 ...)
- opensc 0.21.0-1 (bug #972036)
[buster] - opensc <no-dsa> (Minor issue)
- [stretch] - opensc <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20612
NOTE: https://github.com/OpenSC/OpenSC/commit/ed55fcd2996930bf58b9bb57e9ba7b1f3a753c43 (0.21.0-rc1)
CVE-2020-26570 (The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 ha ...)
- opensc 0.21.0-1 (bug #972037)
[buster] - opensc <no-dsa> (Minor issue)
- [stretch] - opensc <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24316
NOTE: https://github.com/OpenSC/OpenSC/commit/6903aebfddc466d966c7b865fae34572bf3ed23e (0.21.0-rc1)
CVE-2020-26569 (In EVPN VxLAN setups in Arista EOS, specific malformed packets can lea ...)
diff --git a/data/DLA/list b/data/DLA/list
index e65cfc93ef..74a0b2f600 100644
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,6 @@
+[29 Nov 2021] DLA-2832-1 opensc - security update
+ {CVE-2019-15945 CVE-2019-15946 CVE-2019-19479 CVE-2020-26570 CVE-2020-26571 CVE-2020-26572}
+ [stretch] - opensc 0.16.0-3+deb9u2
[28 Nov 2021] DLA-2831-1 libntlm - security update
{CVE-2019-17455}
[stretch] - libntlm 1.4-8+deb9u1
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index ff63a645c7..1964bea80a 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -74,8 +74,6 @@ nvidia-graphics-drivers
NOTE: 20211108: nvidia-graphics-drivers-legacy-390xx 390.144-1 in buster/bullseye/bookworm
NOTE: 20211108: now fixes all 5 CVEs (bunk)
--
-opensc (Adrian Bunk)
---
pgbouncer (Thorsten Alteholz)
NOTE: 20211128: also help with other releases
--

© 2014-2024 Faster IT GmbH | imprint | privacy policy