Your message dated Sat, 22 Jan 2011 11:17:15 +0000
with message-id <[email protected]>
and subject line Bug#607781: fixed in pcsc-lite 1.5.5-4
has caused the Debian Bug report #607781,
regarding pcsc-lite: buffer overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
607781: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607781
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
package: pcsc-lite
version: 1.4.102-1+lenny3
severity: serious
tags: security
an advisory has been issued for pcsc-lite:
http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-atr-handler-buffer-overflow_2010-12-13.pdf
i have checked that the vulnerable code is present in both lenny and
sid.
mike
--- End Message ---
--- Begin Message ---
Source: pcsc-lite
Source-Version: 1.5.5-4
We believe that the bug you reported is fixed in the latest version of
pcsc-lite, which is due to be installed in the Debian FTP archive:
libpcsclite-dev_1.5.5-4_amd64.deb
to main/p/pcsc-lite/libpcsclite-dev_1.5.5-4_amd64.deb
libpcsclite1_1.5.5-4_amd64.deb
to main/p/pcsc-lite/libpcsclite1_1.5.5-4_amd64.deb
pcsc-lite_1.5.5-4.diff.gz
to main/p/pcsc-lite/pcsc-lite_1.5.5-4.diff.gz
pcsc-lite_1.5.5-4.dsc
to main/p/pcsc-lite/pcsc-lite_1.5.5-4.dsc
pcscd_1.5.5-4_amd64.deb
to main/p/pcsc-lite/pcscd_1.5.5-4_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ludovic Rousseau <[email protected]> (supplier of updated pcsc-lite package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 22 Jan 2011 11:57:15 +0100
Source: pcsc-lite
Binary: pcscd libpcsclite-dev libpcsclite1
Architecture: source amd64
Version: 1.5.5-4
Distribution: unstable
Urgency: high
Maintainer: Ludovic Rousseau <[email protected]>
Changed-By: Ludovic Rousseau <[email protected]>
Description:
libpcsclite-dev - Middleware to access a smart card using PC/SC (development
files)
libpcsclite1 - Middleware to access a smart card using PC/SC (library)
pcscd - Middleware to access a smart card using PC/SC (daemon side)
Closes: 607781
Changes:
pcsc-lite (1.5.5-4) unstable; urgency=high
.
* Fix CVE-2010-4531: buffer overflow in the ATRDecodeAtr function in the
Answer-to-Reset (ATR) Handler (atrhandler.c)
* Closes: #607781 "pcsc-lite: buffer overflow"
Checksums-Sha1:
bf5d71d056fdc00b5b7466195be283c60d534276 1227 pcsc-lite_1.5.5-4.dsc
51088cb8d0bf4cb8c26afe26a58681a8fc3485f6 14478 pcsc-lite_1.5.5-4.diff.gz
bc070f61397aabcd1a1fe08eb5db4577b20d39f2 84356 pcscd_1.5.5-4_amd64.deb
57cd24cb46e8c176f9496bebe63c741984d3f94a 65932
libpcsclite-dev_1.5.5-4_amd64.deb
f49baa445ecd3512093b0385dc5ff01bf5a06b30 48432 libpcsclite1_1.5.5-4_amd64.deb
Checksums-Sha256:
a2936e5d6e11e1701ab93cdef2c98098ae9f40eff68b273217c30f792a4f9f3c 1227
pcsc-lite_1.5.5-4.dsc
80d9bad8f463e6ebb52d99f2bf38685f5e5c6e3ab93c77118d28eab5e37d923a 14478
pcsc-lite_1.5.5-4.diff.gz
ed090050049440f53cdb4ef52b3aeb65327e012538465955821960b2baa2c854 84356
pcscd_1.5.5-4_amd64.deb
0bb1156ce945ccae03ba20848ebdf69362cb314fa20b845510e3bad144adbb17 65932
libpcsclite-dev_1.5.5-4_amd64.deb
82a6dd4d6e7cdb712b911b872bb5a6a56cece14fa6d47fb0d1f6db93d3925e3f 48432
libpcsclite1_1.5.5-4_amd64.deb
Files:
95ee2c6321c0e28d496a19edf8a585e3 1227 misc extra pcsc-lite_1.5.5-4.dsc
c39cc5c1929c03477abc69c45b385e9e 14478 misc extra pcsc-lite_1.5.5-4.diff.gz
d0a71cdda75a66a9aee5a3ebab9990a6 84356 misc extra pcscd_1.5.5-4_amd64.deb
51e6135e2250b7a7923636912c3d0f09 65932 libdevel optional
libpcsclite-dev_1.5.5-4_amd64.deb
394fe50bf6240be2a7c78834f4763aeb 48432 libs optional
libpcsclite1_1.5.5-4_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk06uQ0ACgkQP0qKj+B/HPlrIQCeMKQmd1zW7DmgkW/8nR+0mz4Q
DRYAn3Om+Xy7reVRjlGCGf+Y77dRzjLt
=iPw1
-----END PGP SIGNATURE-----
--- End Message ---
