Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock package pcsc-lite This version fixes a security bug. I also contacted the security team for the stable distribution. debdiff pcsc-lite_1.5.5-3.dsc pcsc-lite_1.5.5-4.dsc diff -u pcsc-lite-1.5.5/debian/changelog pcsc-lite-1.5.5/debian/changelog --- pcsc-lite-1.5.5/debian/changelog +++ pcsc-lite-1.5.5/debian/changelog @@ -1,3 +1,11 @@ +pcsc-lite (1.5.5-4) unstable; urgency=high + + * Fix CVE-2010-4531: buffer overflow in the ATRDecodeAtr function in the + Answer-to-Reset (ATR) Handler (atrhandler.c) + * Closes: #607781 "pcsc-lite: buffer overflow" + + -- Ludovic Rousseau <rouss...@debian.org> Wed, 19 Jan 2011 20:31:43 +0100 + pcsc-lite (1.5.5-3) unstable; urgency=low * debian/update-reader.conf: store the generated configuration file in only in patch2: unchanged: --- pcsc-lite-1.5.5.orig/src/atrhandler.c +++ pcsc-lite-1.5.5/src/atrhandler.c @@ -239,6 +239,9 @@ if (psExtension->CardCapabilities.AvailableProtocols & SCARD_PROTOCOL_T1) TCK = pucAtr[p++]; + if (p > MAX_ATR_SIZE) + return 0; /** @retval 0 Maximum attribute size */ + memcpy(psExtension->ATR.Value, pucAtr, p); psExtension->ATR.Length = p; /* modified from p-1 */ unblock pcsc-lite/1.5.5-4 -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
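Review bot: In the src/atrhandler.c hunk, the new `if (p > MAX_ATR_SIZE)` test sits after `TCK = pucAtr[p++];`, so it bounds the length passed to `memcpy(psExtension->ATR.Value, pucAtr, p)` but does not stop `pucAtr[p]` from being read on the preceding line with an index that has not been validated yet. Consider validating `p` before each `pucAtr[p++]` access, or at least before the TCK read. The visible lines show no comparison of `p` with the length of the ATR actually received, so it is worth confirming that such a check exists earlier in the function. The comparison also accepts `p == MAX_ATR_SIZE`, which is only safe if `ATR.Value` holds at least `MAX_ATR_SIZE` bytes; please confirm that against the structure definition. Finally, `return 0` with an inline `/** @retval 0 Maximum attribute size */` comment is easy to miss: the failure value belongs in the function's header documentation, and callers should be checked to make sure they treat 0 as a rejected ATR rather than as success.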