Bug#1004261: buster-pu: package opensc/0.19.0-1+deb10u1

2022-02-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sun, 2022-01-23 at 20:21 +0200, Adrian Bunk wrote:
>   * CVE-2019-15945: Out-of-bounds access of an ASN.1 Bitstring.
> (Closes: #939668)
>   * CVE-2019-15946: Out-of-bounds access of an ASN.1 Octet string.
> (Closes: #939669)
>   * CVE-2019-19479: Incorrect read operation in the Setec driver.
> (Closes: #947383)
>   * CVE-2019-20792: Double free in the Coolkey driver.
>   * CVE-2020-26570: Heap-based buffer overflow in the Oberthur
> driver.
> (Closes: #972037)
>   * CVE-2020-26571: Stack-based buffer overflow in the GPK driver.
> (Closes: #972036)
>   * CVE-2020-26572: Stack-based buffer overflow in the TCOS driver.
> (Closes: #972035)

Please go ahead.

Regards,

Adam



Bug#1004261: buster-pu: package opensc/0.19.0-1+deb10u1

2022-01-23 Thread Adrian Bunk
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: Debian OpenSC Maintainers 
, t...@security.debian.org

  * CVE-2019-15945: Out-of-bounds access of an ASN.1 Bitstring.
(Closes: #939668)
  * CVE-2019-15946: Out-of-bounds access of an ASN.1 Octet string.
(Closes: #939669)
  * CVE-2019-19479: Incorrect read operation in the Setec driver.
(Closes: #947383)
  * CVE-2019-20792: Double free in the Coolkey driver.
  * CVE-2020-26570: Heap-based buffer overflow in the Oberthur driver.
(Closes: #972037)
  * CVE-2020-26571: Stack-based buffer overflow in the GPK driver.
(Closes: #972036)
  * CVE-2020-26572: Stack-based buffer overflow in the TCOS driver.
(Closes: #972035)
diff -Nru opensc-0.19.0/debian/changelog opensc-0.19.0/debian/changelog
--- opensc-0.19.0/debian/changelog  2018-09-30 23:26:03.0 +0300
+++ opensc-0.19.0/debian/changelog  2022-01-23 19:32:38.0 +0200
@@ -1,3 +1,22 @@
+opensc (0.19.0-1+deb10u1) buster; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2019-15945: Out-of-bounds access of an ASN.1 Bitstring.
+(Closes: #939668)
+  * CVE-2019-15946: Out-of-bounds access of an ASN.1 Octet string.
+(Closes: #939669)
+  * CVE-2019-19479: Incorrect read operation in the Setec driver.
+(Closes: #947383)
+  * CVE-2019-20792: Double free in the Coolkey driver.
+  * CVE-2020-26570: Heap-based buffer overflow in the Oberthur driver.
+(Closes: #972037)
+  * CVE-2020-26571: Stack-based buffer overflow in the GPK driver.
+(Closes: #972036)
+  * CVE-2020-26572: Stack-based buffer overflow in the TCOS driver.
+(Closes: #972035)
+
+ -- Adrian Bunk   Sun, 23 Jan 2022 19:32:38 +0200
+
 opensc (0.19.0-1) unstable; urgency=medium
 
   * New upstream release (Closes: 908363, 909444)
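Review bot: The CVE-2019-20792 item is the only one of the seven entries without a (Closes: #...) reference, and the entry does not say which file under debian/patches addresses which CVE. If a BTS bug exists for the Coolkey double free, reference it. Naming the patch next to each item would also make clear that 0002-fixed-compiler-warning.patch belongs to the CVE-2019-15945 fix in decode_bit_string and is not an unrelated cleanup.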
diff -Nru 
opensc-0.19.0/debian/patches/0001-fixed-out-of-bounds-access-of-ASN.1-Bitstring.patch
 
opensc-0.19.0/debian/patches/0001-fixed-out-of-bounds-access-of-ASN.1-Bitstring.patch
--- 
opensc-0.19.0/debian/patches/0001-fixed-out-of-bounds-access-of-ASN.1-Bitstring.patch
   1970-01-01 02:00:00.0 +0200
+++ 
opensc-0.19.0/debian/patches/0001-fixed-out-of-bounds-access-of-ASN.1-Bitstring.patch
   2022-01-23 19:32:38.0 +0200
@@ -0,0 +1,42 @@
+From 0509b2f61ca948312a15d18712a130f7bffd512e Mon Sep 17 00:00:00 2001
+From: Frank Morgner 
+Date: Tue, 27 Aug 2019 15:17:17 +0200
+Subject: fixed out of bounds access of ASN.1 Bitstring
+
+Credit to OSS-Fuzz
+---
+ src/libopensc/asn1.c | 12 
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/src/libopensc/asn1.c b/src/libopensc/asn1.c
+index 3262ed80..fd972238 100644
+--- a/src/libopensc/asn1.c
 b/src/libopensc/asn1.c
+@@ -570,16 +570,20 @@ static int decode_bit_string(const u8 * inbuf, size_t 
inlen, void *outbuf,
+ {
+   const u8 *in = inbuf;
+   u8 *out = (u8 *) outbuf;
+-  int zero_bits = *in & 0x07;
+-  size_t octets_left = inlen - 1;
+   int i, count = 0;
++  int zero_bits;
++  size_t octets_left;
+ 
+-  memset(outbuf, 0, outlen);
+-  in++;
+   if (outlen < octets_left)
+   return SC_ERROR_BUFFER_TOO_SMALL;
+   if (inlen < 1)
+   return SC_ERROR_INVALID_ASN1_OBJECT;
++
++  zero_bits = *in & 0x07;
++  octets_left = inlen - 1;
++  in++;
++  memset(outbuf, 0, outlen);
++
+   while (octets_left) {
+   /* 1st octet of input:  ABCDEFGH, where A is the MSB */
+   /* 1st octet of output: HGFEDCBA, where A is the LSB */
+-- 
+2.20.1
+
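Review bot: In decode_bit_string as this patch leaves it, the check `if (outlen < octets_left)` still sits above `octets_left = inlen - 1;`, so it now compares against an uninitialized size_t, where before the value came from the declaration's initializer. The outcome of that comparison is undefined: it can return SC_ERROR_BUFFER_TOO_SMALL spuriously or let an undersized outbuf through. Move the outlen check below the assignment in this same patch, or record in the patch header that 0001 must never be applied without 0002, which performs that reorder.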
diff -Nru opensc-0.19.0/debian/patches/0002-fixed-compiler-warning.patch 
opensc-0.19.0/debian/patches/0002-fixed-compiler-warning.patch
--- opensc-0.19.0/debian/patches/0002-fixed-compiler-warning.patch  
1970-01-01 02:00:00.0 +0200
+++ opensc-0.19.0/debian/patches/0002-fixed-compiler-warning.patch  
2022-01-23 19:32:38.0 +0200
@@ -0,0 +1,36 @@
+From 28869a7bd4fd928b498638fff27b76b56e58f4d6 Mon Sep 17 00:00:00 2001
+From: Frank Morgner 
+Date: Tue, 27 Aug 2019 15:27:15 +0200
+Subject: fixed compiler warning
+
+---
+ src/libopensc/asn1.c | 9 -
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/src/libopensc/asn1.c b/src/libopensc/asn1.c
+index fd972238..10572292 100644
+--- a/src/libopensc/asn1.c
 b/src/libopensc/asn1.c
+@@ -574,15 +574,14 @@ static int decode_bit_string(const u8 * inbuf, size_t 
inlen, void *outbuf,
+   int zero_bits;
+   size_t octets_left;
+ 
+-  if (outlen < octets_left)
+-  return SC_ERROR_BUFFER_TOO_SMALL;
+   if (inlen < 1)
+   return SC_ERROR_INVALID_ASN1_OBJECT;
+-
++  memset(outbuf, 0, outlen);
+   zero_bits = *in & 0x07;
+-  octets_left = inlen - 1;
+   in++;
+-  memset(outbuf, 0, outlen);
++  octets_left = inlen - 1;
++  if (outlen < octets_left)
++  return SC_ERROR_BUFFER_TOO_SMALL;
+ 
+   while
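Review bot: The subject "fixed compiler warning" understates this hunk, since moving `if (outlen < octets_left)` below `octets_left = inlen - 1;` is what makes the output-size check use an initialized value, so it completes the bounds fix and is not cosmetic. For a stable update, say so in the patch header so that a later backport does not drop it as noise. The placement of `memset(outbuf, 0, outlen);` ahead of the SC_ERROR_BUFFER_TOO_SMALL return also means the caller's buffer is cleared on that error path, which matches the ordering before 0001 and deserves a one-line comment.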