NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/opensc: security bump to version 0.26.0

Browse Source 
Fixes the following security vulnerabilities:

0.25.0:

CVE-2023-5992: Side-channel leaks while stripping encryption PKCS#1.5
padding in OpenSC
https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992

CVE-2024-1454: Potential use-after-free in AuthentIC driver during card
enrollment in pkcs15init
https://github.com/OpenSC/OpenSC/wiki/CVE-2024-1454

0.26.0:

CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init
https://github.com/advisories/GHSA-3q68-hm47-94vg

CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU
response values in libopensc
https://github.com/advisories/GHSA-2mjg-798r-mxwh

CVE-2024-45617: Uninitialized values after incorrect or missing checking
return values of functions in libopensc
https://github.com/advisories/GHSA-cf2w-h975-2fpg

CVE-2024-45618: Uninitialized values after incorrect or missing checking
return values of functions in pkcs15init
https://github.com/advisories/GHSA-f2v6-mw6x-qmwc

CVE-2024-45619: Incorrect handling length of buffers or files in libopensc
https://github.com/advisories/GHSA-9vxw-3j77-cj78

CVE-2024-45620: Incorrect handling of the length of buffers or files in
pkcs15init
https://github.com/advisories/GHSA-9c2g-6v5v-57qg

CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key
https://github.com/advisories/GHSA-mgc5-p43f-72pc

Release notes:
https://github.com/OpenSC/OpenSC/releases/tag/0.26.0

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 1f4b4ccde7ceb379010aeb93458792202622d64b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Peter Korsgaard 2024-12-15 13:24:33 +01:00
parent 41bd9a5839
commit 0ee60ab4d3
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package/opensc/opensc.hash
View File

@ -1,5 +1,5 @@
# Computed locally from https://https://github.com/OpenSC/OpenSC/releases/
sha256 24d03c69287291da32a30c4c38a304ad827f56cb85d83619e1f5403ab6480ef8 opensc-0.24.0.tar.gz
sha256 837baead45e1505260d868871056150ede6e73d35460a470f2595a9e5e75f82b opensc-0.26.0.tar.gz
# Computed locally
sha256 376b54d4c5f4aa99421823fa4da93e3ab73096fce2400e89858632aa7da24a14 COPYING

2
package/opensc/opensc.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
OPENSC_VERSION = 0.24.0
OPENSC_VERSION = 0.26.0
OPENSC_SITE = https://github.com/OpenSC/OpenSC/releases/download/$(OPENSC_VERSION)
OPENSC_LICENSE = LGPL-2.1+
OPENSC_LICENSE_FILES = COPYING