From df77747d33cf74f64b970f1471da94efe7849d26 Mon Sep 17 00:00:00 2001 From: Adrian Bunk Date: Mon, 29 Nov 2021 11:06:08 +0200 Subject: Reserve DLA-2832-1 for opensc --- data/CVE/2019.list | 3 --- data/CVE/2020.list | 3 --- data/DLA/list | 3 +++ data/dla-needed.txt | 2 -- 4 files changed, 3 insertions(+), 8 deletions(-) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 3353b738b3..fdd007e843 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -4212,7 +4212,6 @@ CVE-2019-19479 (An issue was discovered in OpenSC through 0.19.0 and 0.20.x thro {DLA-2046-1} - opensc 0.20.0-1 (bug #947383) [buster] - opensc (Minor issue) - [stretch] - opensc (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18693 NOTE: https://github.com/OpenSC/OpenSC/commit/c3f23b836e5a1766c36617fe1da30d22f7b63de2 CVE-2019-19478 @@ -12913,13 +12912,11 @@ CVE-2019-15946 (OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 {DLA-1916-1} - opensc 0.20.0-1 (bug #939669) [buster] - opensc (Minor issue) - [stretch] - opensc (Minor issue) NOTE: https://github.com/OpenSC/OpenSC/commit/a3fc7693f3a035a8a7921cffb98432944bb42740 CVE-2019-15945 (OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitst ...) {DLA-1916-1} - opensc 0.20.0-1 (bug #939668) [buster] - opensc (Minor issue) - [stretch] - opensc (Minor issue) NOTE: https://github.com/OpenSC/OpenSC/commit/412a6142c27a5973c61ba540e33cdc22d5608e68 CVE-2019-15944 (In Counter-Strike: Global Offensive before 8/29/2019, community game s ...) NOT-FOR-US: Counter-Strike: Global Offensive diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 7da43405f5..141006bbc4 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -10906,19 +10906,16 @@ CVE-2020-26573 CVE-2020-26572 (The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a ...) - opensc 0.21.0-1 (bug #972035) [buster] - opensc (Minor issue) - [stretch] - opensc (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22967 NOTE: https://github.com/OpenSC/OpenSC/commit/9d294de90d1cc66956389856e60b6944b27b4817 (0.21.0-rc1) CVE-2020-26571 (The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 ...) - opensc 0.21.0-1 (bug #972036) [buster] - opensc (Minor issue) - [stretch] - opensc (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20612 NOTE: https://github.com/OpenSC/OpenSC/commit/ed55fcd2996930bf58b9bb57e9ba7b1f3a753c43 (0.21.0-rc1) CVE-2020-26570 (The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 ha ...) - opensc 0.21.0-1 (bug #972037) [buster] - opensc (Minor issue) - [stretch] - opensc (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24316 NOTE: https://github.com/OpenSC/OpenSC/commit/6903aebfddc466d966c7b865fae34572bf3ed23e (0.21.0-rc1) CVE-2020-26569 (In EVPN VxLAN setups in Arista EOS, specific malformed packets can lea ...) diff --git a/data/DLA/list b/data/DLA/list index e65cfc93ef..74a0b2f600 100644 --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[29 Nov 2021] DLA-2832-1 opensc - security update + {CVE-2019-15945 CVE-2019-15946 CVE-2019-19479 CVE-2020-26570 CVE-2020-26571 CVE-2020-26572} + [stretch] - opensc 0.16.0-3+deb9u2 [28 Nov 2021] DLA-2831-1 libntlm - security update {CVE-2019-17455} [stretch] - libntlm 1.4-8+deb9u1 diff --git a/data/dla-needed.txt b/data/dla-needed.txt index ff63a645c7..1964bea80a 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt 
@@ -74,8 +74,6 @@ nvidia-graphics-drivers NOTE: 20211108: nvidia-graphics-drivers-legacy-390xx 390.144-1 in buster/bullseye/bookworm NOTE: 20211108: now fixes all 5 CVEs (bunk) -- -opensc (Adrian Bunk) --- pgbouncer (Thorsten Alteholz) NOTE: 20211128: also help with other releases -- -- cgit v1.2.3
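Review bot: in the data/CVE/2019.list hunks (@@ -4212 and @@ -12913), the entries for CVE-2019-19479, CVE-2019-15946 and CVE-2019-15945 keep only the older `{DLA-2046-1}` and `{DLA-1916-1}` cross-reference lines once the `[stretch] - opensc (Minor issue)` lines are dropped, so nothing in these entries points at DLA-2832-1. If the tracker regenerates those brace lines from data/DLA/list, this is fine as submitted. Otherwise add DLA-2832-1 to them in this commit, so the stretch status does not have to be inferred from the `- opensc 0.20.0-1` line and the separate DLA entry.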
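Review bot: in the data/CVE/2020.list hunk (@@ -10906), and in the same way in both 2019.list hunks, each entry keeps `[buster] - opensc (Minor issue)` while the stretch line is removed, so after this commit the six CVEs listed in the new data/DLA/list entry are recorded as fixed in stretch via 0.16.0-3+deb9u2 but still unfixed in buster. Consider adding a NOTE to the entries or opening a follow-up for buster, so that a stretch-to-buster upgrade bringing these issues back is a recorded decision and not a side effect of this change.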