Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock package ccid

This version fixes a security bug.
I also contacted the security team for the stable release.

diff -u ccid-1.3.11/debian/changelog ccid-1.3.11/debian/changelog --- ccid-1.3.11/debian/changelog +++ ccid-1.3.11/debian/changelog @@ -1,3 +1,10 @@ +ccid (1.3.11-2) unstable; urgency=high + + * Fix CVE-2010-4530: Signedness error in ccid_serial.c + * Closes: #607780 "ccid: buffer overflow" + + -- Ludovic Rousseau <rouss...@debian.org> Fri, 21 Jan 2011 10:54:51 +0100 + ccid (1.3.11-1) unstable; urgency=low * New upstream release only in patch2: unchanged: --- ccid-1.3.11.orig/src/ccid_serial.c +++ ccid-1.3.11/src/ccid_serial.c @@ -310,6 +310,12 @@ /* total frame size */ to_read = 10+dw2i(buffer, 1); + if ((to_read < 10) || (to_read > (int)*length)) + { + DEBUG_CRITICAL2("Wrong value for frame size: %d", to_read); + return STATUS_COMM_ERROR; + } + DEBUG_COMM2("frame size: %d", to_read); if ((rv = get_bytes(reader_index, buffer+5, to_read-5)) != STATUS_SUCCESS) return rv;

unblock ccid/1.3.11-2

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
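
Review bot: In the `@@ -310,6 +310,12 @@` hunk of src/ccid_serial.c, the new range check runs only after `to_read = 10+dw2i(buffer, 1);` has already been evaluated, so a length field close to the maximum of the type can overflow the addition before `to_read < 10` is tested, and the check then depends on how that overflow wraps. It would be more robust to validate the value returned by `dw2i(buffer, 1)` on its own against `*length - 10` before adding the header size. The `(int)*length` cast also narrows the caller's size to a signed value; comparing in the unsigned type of `*length`, once the negative case has been rejected, avoids a second signedness conversion in the same line that fixes one. Finally, the following `get_bytes(reader_index, buffer+5, to_read-5)` writes up to `buffer + to_read`, so the check is only sufficient if `*length` is the real capacity of `buffer` at this point; a short comment saying so next to the check would help, since the hunk does not show where `*length` is set.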