According to a posting to the oss-security mailing list, http://www.openwall.com/lists/oss-security/2010/12/22/7, this integer overflow could be exploited by a local attacker to execute arbitrary code. There appear to be two relevant upstream commits at: http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004934.html and http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004935.html. I believe these are fixed in app-crypt/ccid-1.4.1-r1, which is already in the tree. So unless @crypto objects, we will stabilize that. Arches, please test and mark stable: =app-crypt/ccid-1.4.1-r1; Target keywords: "amd64 hppa ppc ppc64 x86"
Reverting stabilization request. @crypto, please let us know if this can go stable. Thanks!
Arches, please test and mark stable: =app-crypt/ccid-1.4.1-r1; Target keywords: "amd64 hppa ppc ppc64 x86". This must be stabilized with: sys-apps/pcsc-lite-1.6.6 in bug 349561, dev-libs/opensc-0.11.13-r2 in bug 349567, net-misc/rdesktop-1.6.0-r4 in bug 349835
amd64 done
Stable for HPPA PPC.
x86 done.
ppc64 stable, last arch done
Thanks, folks. GLSA request filed.
CVE-2010-4530 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4530): Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card Interface Devices (CCID) driver, as used in pcscd in PCSC-Lite 1.5.3 and possibly other products, allows physically proximate attackers to execute arbitrary code via a smart card with a crafted serial number that causes a negative value to be used in a memcpy operation, which triggers a buffer overflow. NOTE: some sources refer to this issue as an integer overflow.
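The defect class named in the CVE description above, a signed length reaching memcpy, shown as an added illustration beside a hardened check. This is not code from ccid_serial.c or from the upstream fix; the message layout, `OUT_MAX` and all function names are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define OUT_MAX 16u /* constructed buffer size, not taken from ccid_serial.c */

/* Decode a 4-byte little-endian length field from device-supplied bytes. */
static uint32_t read_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Flawed pattern: the length is held in a signed int and only the upper
 * bound is checked, so a negative value is accepted. Returns 1 when the
 * check would let the copy proceed (the copy itself is not performed). */
static int flawed_check_passes(const unsigned char *msg)
{
    int len = (int)read_le32(msg); /* wraps to negative on common ABIs */
    return len <= (int)OUT_MAX;
}

/* Size memcpy would receive if that signed length were passed on. */
static size_t size_seen_by_memcpy(const unsigned char *msg)
{
    return (size_t)(int)read_le32(msg);
}

/* Hardened form: validate in the unsigned domain against both the
 * destination size and the bytes actually received. Returns bytes copied or -1. */
static long safe_copy(unsigned char *out, size_t out_size,
                      const unsigned char *msg, size_t msg_len)
{
    uint32_t len;
    if (msg_len < 4) return -1;
    len = read_le32(msg);
    if (len > out_size || len > msg_len - 4)
        return -1;
    memcpy(out, msg + 4, len);
    return (long)len;
}

/* Constructed sample messages: length field followed by payload. */
static const unsigned char MSG_NEG[] = {0xff, 0xff, 0xff, 0xff, 'A', 'B'};
static const unsigned char MSG_OK[]  = {0x03, 0x00, 0x00, 0x00, 'A', 'B', 'C'};
```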
security: is there any reason why this is still open?
This issue was resolved and addressed in GLSA 201401-16 at http://security.gentoo.org/glsa/glsa-201401-16.xml by GLSA coordinator Sean Amoss (ackle).