Debian Patches
Status for opensc/0.23.0-0.3+deb12u2
Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
CVE-2023-5992/14-7471dd2.patch | minidriver: Refactor inversion of decrypted buffer | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/7471dd26cde84bf573c03af68b47c0b0dab5edfa | 2024-03-21 |
0029-authentic-Avoid-memory-leaks.patch | authentic: Avoid memory leaks. Thanks oss-fuzz | Jakub Jelen <jjelen@redhat.com> | yes | upstream | https://github.com/OpenSC/OpenSC/commit/6d1fcd9cf82c6501089898066656fbe6737f3ced | 2023-11-23 |
CVE-2024-1454.patch | authentic: Avoid use after free. Thanks oss-fuzz | Jakub Jelen <jjelen@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/5835f0d4f6c033bd58806d33fa546908d39825c9 | 2023-12-18 |
CVE-2024-45616/03-1d3b410.patch | cardos: Fix uninitialized values. Thanks Matteo Marini for report | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/1d3b410e06d33cfc4c70e8a25386e456cfbd7bd1 | 2024-07-11 |
CVE-2023-5992/03-2ee8730.patch | pkcs15-sec: Remove logging after PKCS#1 v1.5 depadding. To prevent Marvin attack on RSA PKCS#1 v1.5 padding when logging the return value, signaling the padding error. | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/2ee8730649e9a0f2ab01597cfba4f72571eed601 | 2023-11-16 |
CVE-2024-45616/05-5fa7587.patch | muscle: Report invalid SW when reading object. Thanks Matteo Marini for report | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/5fa758767e517779fc5398b6b4faedc4e36d3de5 | 2024-07-12 |
CVE-2024-45616/06-3562969.patch | card-mcrd: Check length of response buffer in select. Thanks Matteo Marini for report | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/3562969c90a71b0bcce979f0e6d627546073a7fc | 2024-07-12 |
CVE-2024-45615/03-bb3dedb.patch | pkcs15-cert.c: Initialize OID length. In case it is not set later. Thanks Matteo Marini for report | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/bb3dedb71e59bd17f96fd4e807250a5cf2253cb7 | 2024-07-12 |
CVE-2024-45616/07-16ada9d.patch | card-gids: Use actual length of response buffer. Thanks Matteo Marini for report | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/16ada9dc7cddf1cb99516aea67b6752c251c94a2 | 2024-07-12 |
CVE-2024-45616/04-cccdfc4.patch | card-dnie: Check APDU response length and ASN1 lengths. Thanks Matteo Marini for report | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/cccdfc46b10184d1eea62d07fe2b06240b7fafbc | 2024-07-12 |
0013-CVE-2023-40661.patch | pkcs15-cflex: check path length to prevent underflow. Thanks OSS-Fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58932 | Veronika Hanulíková <vhanulik@redhat.com> | no | | https://github.com/OpenSC/OpenSC/commit/c449a181a6988cc1e8dc8764d23574e48cdc3fa6 | 2023-06-19 |
0014-CVE-2023-40661.patch | Check array bounds. Thanks OSS-Fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54312 | Veronika Hanulikova <xhanulik@fi.muni.cz> | no | | https://github.com/OpenSC/OpenSC/commit/df5a176bfdf8c52ba89c7fef1f82f6f3b9312bc1 | 2023-02-10 |
0015-CVE-2023-40661.patch | Check length of string before making copy. Thanks OSS-Fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55851 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55998 | Veronika Hanulikova <xhanulik@fi.muni.cz> | no | | https://github.com/OpenSC/OpenSC/commit/5631e9843c832a99769def85b7b9b68b4e3e3959 | 2023-03-03 |
CVE-2023-5992/12-21a0a25.patch | minidriver: Remove logging to prevent Marvin attack | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/21a0a25e516cc46724659efb1f08e778d1c225f5 | 2024-03-20 |
CVE-2023-5992/13-29a98e5.patch | unittests: Test correct output length for PKCS#1 v1.5 depadding | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/29a98e5b2811f3df7cc7982d8b30a86e756c325c | 2024-03-20 |
CVE-2023-5992/01-e8883b1.patch | Reimplement removing of PKCS#1 v1.5 padding to be time constant | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/e8883b1f91572c40bab8718f0ba274ab71906490 | 2023-11-13 |
CVE-2023-5992/02-bfe0e05.patch | Add unit tests for PKCS#1 v1.5 de-padding | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/bfe0e05f4aa771d6beab4660c06072eb6eedf372 | 2023-11-13 |
CVE-2023-5992/10-c153e2f.patch | Fix constant-time comparison of negative values. Thanks Coverity CID 414687 | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/c153e2fe979b05851ab06b45799a9358cdde6fe3 | 2024-02-05 |
CVE-2023-5992/11-556cbf3.patch | padding: Set correct output length in PKCS#1 v1.5 depadding | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/556cbf3ef71425e69eb3914961332f67335cd9ff | 2024-03-19 |
0001-Use-sysconfdir-opensc-for-opensc.conf.patch | Use $sysconfdir/opensc for opensc.conf | Eric Dorland <eric@debian.org> | no | | | 2020-01-26 |
0002-Fix-private-key-import.patch | pkcs11-tool: Fix private key import | Jakub Jelen <jjelen@redhat.com> | no | | upstream, 9294183e07ff4944e3f5e590f343f5727636767e | 2022-12-01 |
0003-Log-OpenSSL-errors.patch | pkcs11-tool: Log more information on OpenSSL errors | Jakub Jelen <jjelen@redhat.com> | no | | upstream, cff91cf6167743bdd59285150c4ef19802ed2644 | 2022-12-01 |
0004-pkcs15init-correct-left-length-calculation.patch | pkcs15init: correct left length calculation to fix buffer overrun bug. Fixes #2785. From https://github.com/OpenSC/OpenSC/issues/2785: The newly found issue exists in pkcs15-init module. Like the original bug in libopensc, cardos_have_verifyrc_package in pkcs15-cardos.c scans an asn1 buffer for 2 tags. The pointer p is moved after each sc_asn1_find_tag invocation, which results in the miscalculation of the length of left bytes in buffer and hence reading beyond the end of the buffer. CVE-2023-2977 was assigned for this issue. | fullwaywang <fullwaywang@tencent.com> | no | | https://github.com/OpenSC/OpenSC/commit/81944d1529202bd28359bede57c0a15deb65ba8a | 2023-05-29 |
0006-CVE-2023-4535.patch | NULL pointer fix. Thanks to the clang analyzer: Null pointer passed to 2nd parameter expecting 'nonnull' [clang-analyzer-core.NonNullParamChecker]. modified: src/libopensc/card-myeid.c | Peter Popovec <popovec.peter@gmail.com> | no | | https://github.com/OpenSC/OpenSC/commit/cde2e050ec4f2f1b7db38429aa4e9c0f4656308c | 2023-04-26 |
0007-CVE-2023-4535.patch | myeid: fixed CID 380538 Out-of-bounds read (OVERRUN). Also fixes output buffer size checking | Peter Popovec <popovec.peter@gmail.com> | no | | https://github.com/OpenSC/OpenSC/commit/f1993dc4e0b33050b8f72a3558ee88b24c4063b2 | 2023-06-27 |
0008-CVE-2023-40660.patch | Fixed PIN authentication bypass. If two processes are accessing a token, then one process may leave the card usable with an authenticated PIN so that a key may sign/decrypt any data. This is especially the case if the token does not support a way of resetting the authentication status (logout). We have some tracking of the authentication status in software via PKCS#11, Minidriver (os-wise) and CryptoTokenKit, which is why a PIN-prompt will appear even though the card may technically be unlocked as described in the above example. However, before this change, an empty PIN was not verified (likely yielding an error during PIN-verification), but it was just checked whether the PIN is authenticated. This defeats the purpose of the PIN verification, because an empty PIN is not the correct one. Especially during OS Logon, we don't want that kind of shortcut, but we want the user to verify the correct PIN (even though the token was left unattended and authentication at the computer). This essentially reverts commit e6f7373ef066cfab6e3162e8b5f692683db23864. | Frank Morgner <frankmorgner@gmail.com> | no | | https://github.com/OpenSC/OpenSC/commit/868f76fb31255fd3fdacfc3e476452efeb61c3e7 | 2023-06-21 |
0009-CVE-2023-40661.patch | pkcs15: Avoid buffer overflow when getting last update. Thanks oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60769 | Jakub Jelen <jjelen@redhat.com> | no | | https://github.com/OpenSC/OpenSC/commit/245efe608d083fd4e4ec96793fdefd218e26fde7 | 2023-08-17 |
0010-CVE-2023-40661.patch | setcos: Avoid buffer underflow. Thanks oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60672 | Jakub Jelen <jjelen@redhat.com> | no | | https://github.com/OpenSC/OpenSC/commit/440ca666eff10cc7011901252d20f3fc4ea23651 | 2023-08-17 |
0011-CVE-2023-40661.patch | oberthur: Avoid buffer overflow. Thanks oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60650 | Jakub Jelen <jjelen@redhat.com> | no | | https://github.com/OpenSC/OpenSC/commit/41d61da8481582e12710b5858f8b635e0a71ab5e | 2023-09-20 |
0012-CVE-2023-40661.patch | sc_pkcs15init_rmdir: prevent out of bounds write. fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53927 | Frank Morgner <frankmorgner@gmail.com> | no | | https://github.com/OpenSC/OpenSC/commit/578aed8391ef117ca64a9e0cba8e5c264368a0ec | 2022-12-08 |
CVE-2023-5992/04-0494e46.patch | framework-pkcs15.c: Handle PKCS#1 v1.5 depadding constant-time. In order to not disclose time side-channel when the depadding fails, do the same operations as for case when depadding ends with success. | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/0494e46a39ed52a5f81216e88a8a994bb6b7b280 | 2023-11-16 |
CVE-2023-5992/05-5b5fcc9.patch | mechanism: Handle PKCS#1 v1.5 depadding constant-time | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/5b5fcc983b37f0d3587f61fd986026647e88c323 | 2024-01-08 |
CVE-2023-5992/06-e018f19.patch | minidriver: Make CardRSADecrypt constant-time | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/e018f1941bb8630b5ef8cc08b80182d801f4114e | 2023-11-22 |
CVE-2023-5992/07-2d84cec.patch | pkcs11-object: Remove return value logging. To prevent Marvin attack on RSA PKCS#1 v1.5 padding when logging the return value, signaling the padding error. | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/2d84cec2fc6f5093387d29b0bbc808b24e043b00 | 2023-11-24 |
CVE-2023-5992/08-b31f82b.patch | misc: Compare return value constant-time | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/b31f82bcebb2a3b53348a1b16f038fce4d3ed9bb | 2023-11-24 |
CVE-2023-5992/09-5747804.patch | unittests: Do not use uninitialized memory. Thanks Coverity CID 414676, 414677, 414678, 414679, 414680, 414681, 414682, 414683, 414684, 414685, 414686 | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/5747804c645c3d57d69a0ec733697d79e5b66f7b | 2024-02-05 |
CVE-2024-8443/01-b28a3ce.patch | openpgp: Do not accept non-matching key responses. When generating RSA key pair using PKCS#15 init, the driver could accept responses relevant to ECC keys, which made further processing in the pkcs15-init failing/accessing invalid parts of structures. Thanks oss-fuzz! | Jakub Jelen <jjelen@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/b28a3cef416fcfb92fbb9ea7fd3c71df52c6c9fc | 2024-08-12 |
CVE-2024-8443/02-02e8474.patch | openpgp: Avoid buffer overflow when writing fingerprint. Fix also surrounding code to return error (not just log it) when some step fails. Thanks oss-fuzz | Jakub Jelen <jjelen@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/02e847458369c08421fd2d5e9a16a5f272c2de9e | 2024-08-15 |
CVE-2024-45616/01-76115e3.patch | gids: Avoid using uninitialized memory. Thanks Matteo Marini for report | Jakub Jelen <jjelen@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/76115e34799906a64202df952a8a9915d30bc89d | 2024-05-20 |
CVE-2024-45615/01-bde991b.patch | pkcs15init: Avoid using uninitialized memory. Thanks Matteo Marini for report | Jakub Jelen <jjelen@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/bde991b0fe4f0250243b0e4960978b1043c13b03 | 2024-05-20 |
CVE-2024-45616/02-e7177c7.patch | cac: Correctly calculate certificate length based on the resplen. Thanks Matteo Marini for report | Jakub Jelen <jjelen@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/e7177c7ca00200afea820d155dca67f38b232967 | 2024-05-20 |
CVE-2024-45615/02-5e4f26b.patch | cac: Fix uninitialized values. Thanks Matteo Marini for report | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/5e4f26b510b04624386c54816bf26aacea0fe4a1 | 2024-07-11 |
CVE-2024-45617/01-fdb9e90.patch | cac: Check return value when selecting AID. Thanks Matteo Marini for report | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/fdb9e903eb124b6b18a5a9350a26eceb775585bc | 2024-07-16 |
CVE-2024-45619/01-f01bfbd.patch | pkcs15-tcos: Check number of read bytes for cert. Thanks Matteo Marini for report | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/f01bfbd19b9c8243a40f7f17d554fe0eb9e89d0d | 2024-07-16 |
CVE-2024-45617/02-21d869b.patch | cardos: Return error when response length is 0. Thanks Matteo Marini for report | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/21d869b77792b6f189eebf373e399747177d99e2 | 2024-07-16 |
CVE-2024-45615/04-7d68a7f.patch | card-piv: Initialize variables for tag and CLA. In case they are not initialized later by sc_asn1_read_tag() function. Thanks Matteo Marini for report | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/7d68a7f442e38e16625270a0fdc6942c9e9437e6 | 2024-07-16 |
CVE-2024-45615/05-42d718d.patch | pkcs15-sc-hsm: Initialize variables for tag and CLA. In case they are not initialized later by sc_asn1_read_tag() function. Thanks Matteo Marini for report | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/42d718dfccd2a10f6d26705b8c991815c855fa3b | 2024-07-16 |
CVE-2024-45619/02-6730656.patch | pkcs15-gemsafeV1: Check length of buffer for object. Number of actually read bytes may differ from the stated object length. Thanks Matteo Marini for report | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/673065630bf4aaf03c370fc791ef6a6239431214 | 2024-07-17 |
CVE-2024-45617/03-efbc14f.patch | card-jpki: Check number of read bytes. Thanks Matteo Marini for report | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/efbc14ffa190e3e0ceecceb479024bb778b0ab68 | 2024-07-17 |
CVE-2024-45618/01-8632ec1.patch | pkcs15-tcos: Check return value of serial num conversion. Thanks Matteo Marini for report | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/8632ec172beda894581d67eaa991e519a7874f7d | 2024-07-17 |
CVE-2024-45619/03-a1d8c01.patch | pkcs15-tcos: Check certificate length before accessing. Thanks Matteo Marini for report | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/a1d8c01c1cabd115dda8c298941d1786fb4c5c2f | 2024-07-17 |
CVE-2024-45618/02-f9d6866.patch | pkcs15-lib: Report transport key error. Thanks Matteo Marini for report | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/f9d68660f032ad4d7803431d5fc7577ea8792ac3 | 2024-07-17 |
CVE-2024-45620/01-a1bcc65.patch | pkcs15-starcos: Check length of file to be non-zero. Thanks Matteo Marini for report | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/a1bcc6516f43d570899820d259b71c53f8049168 | 2024-07-18 |
CVE-2024-45620/02-6baa195.patch | iasecc-sdo: Check length of data before dereferencing. Thanks Matteo Marini for report | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/6baa19596598169d652659863470a60c5ed79ecd | 2024-07-18 |
CVE-2024-45616/08-ef7b10a.patch | card-oberthur: Check length of serial number. Thanks Matteo Marini for report | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/ef7b10a18e6a4d4f03f0c47ea81aa8136f3eca60 | 2024-07-18 |
CVE-2024-45619/04-e20ca25.patch | pkcs15-setcos: Check length of generated key. Thanks Matteo Marini for report | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/e20ca25204c9c5e36f53ae92ddf017cd17d07e31 | 2024-07-18 |
CVE-2024-45620/03-468a314.patch | iasecc-sdo: Check length of data when parsing. Thanks Matteo Marini for report | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/468a314d76b26f724a551f2eb339dd17c856cf18 | 2024-07-18 |
CVE-2024-45619/05-2b6cd52.patch | pkcs15-sc-hsm: Properly check length of file list. Thanks Matteo Marini for report | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/2b6cd52775b5448f6a993922a30c7a38d9626134 | 2024-07-18 |
CVE-2024-45619/06-dd554a2.patch | card-coolkey: Check length of buffer before conversion. Thanks Matteo Marini for report | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/dd554a2e1e31e6cb75c627c653652696d61e8de8 | 2024-07-18 |
CVE-2024-45616/09-aa102cd.patch | card-entersafe: Check length of serial number. Thanks Matteo Marini for report | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/aa102cd9abe1b0eaf537d9dd926844a46060d8bc | 2024-07-23 |
CVE-2024-45616/10-265b283.patch | card-cardos: Check length of APDU response | Veronika Hanulíková <vhanulik@redhat.com> | yes | debian upstream | https://github.com/OpenSC/OpenSC/commit/265b28344d036a462f38002d957a0636fda57614 | 2024-08-01 |
All known versions for source package 'opensc'
- 0.26.1-3 (forky, sid)
- 0.26.1-2 (trixie)
- 0.23.0-0.3+deb12u2 (bookworm)