``` -# New in 0.25.0; 2024-04-05 +# New in 0.26.0; 2024-11-13 + +## Security +* CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init (#3225) +* CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc (#3225) +* CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc (#3225) +* CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init (#3225) +* CVE-2024-45619: Incorrect handling length of buffers or files in libopensc (#3225) +* CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init (#3225) +* CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key (#3219) + [...] ```
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1e91dd30198e2f15b4c62ce7c4e3112ec858733e commit 1e91dd30198e2f15b4c62ce7c4e3112ec858733e Author: Mario Haustein <mario.haustein@hrz.tu-chemnitz.de> AuthorDate: 2024-11-24 16:50:51 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2024-11-27 06:57:17 +0000 dev-libs/opensc: add 0.26.0 Bug: https://bugs.gentoo.org/945083 Signed-off-by: Mario Haustein <mario.haustein@hrz.tu-chemnitz.de> Signed-off-by: Sam James <sam@gentoo.org> dev-libs/opensc/Manifest | 1 + dev-libs/opensc/opensc-0.26.0.ebuild | 87 ++++++++++++++++++++++++++++++++++++ 2 files changed, 88 insertions(+)