Source: opensc
Version: 0.23.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for opensc.

CVE-2023-4535[0]:
| An out-of-bounds read vulnerability was found in OpenSC packages
| within the MyEID driver when handling symmetric key encryption.
| Exploiting this flaw requires an attacker to have physical access to
| the computer and a specially crafted USB device or smart card. This
| flaw allows the attacker to manipulate APDU responses and
| potentially gain unauthorized access to sensitive data, compromising
| the system's security.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-4535
    https://www.cve.org/CVERecord?id=CVE-2023-4535
[1] https://github.com/OpenSC/OpenSC/wiki/CVE-2023-4535
[2] https://github.com/OpenSC/OpenSC/commit/f1993dc4e0b33050b8f72a3558ee88b24c4063b2

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore