From ${URL} : I'm happy to announce the new pam_p11 release 0.3.1, which can be found here https://github.com/OpenSC/pam_p11/releases/tag/pam_p11-0.3.1. <https://github.com/OpenSC/pam_p11/releases/tag/pam_p11-0.3.1> This release fixes a buffer overflow when creating signatures longer than 256 bytes (CVE-2019-16058). This bug is present in pam_p11 version 0.2.0 and 0.3.0. @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
x86 stable
amd64 stable
ppc64 stable
ppc stable
ia64 stable
@maintainer(s): ok to clean up?
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=78b0a59692dc3a830b073207f85fccac839e64f7 commit 78b0a59692dc3a830b073207f85fccac839e64f7 Author: Lars Wendler <polynomial-c@gentoo.org> AuthorDate: 2020-03-15 10:04:07 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2020-03-15 10:04:07 +0000 sys-auth/pam_p11: Security cleanup Bug: https://bugs.gentoo.org/694150 Package-Manager: Portage-2.3.93, Repoman-2.3.20 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> sys-auth/pam_p11/Manifest | 1 - sys-auth/pam_p11/pam_p11-0.3.0.ebuild | 30 ------------------------------ 2 files changed, 31 deletions(-)
Tree is clean.
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
GLSA Vote: No Thank you all for you work. Closing as [noglsa].