Bug 945083 (CVE-2024-45615, CVE-2024-45616, CVE-2024-45617, CVE-2024-45618, CVE-2024-45619, CVE-2024-45620, CVE-2024-8443) - <dev-libs/opensc-0.26.0: Multiple vulnerabilities
Summary: <dev-libs/opensc-0.26.0: Multiple vulnerabilities
Status: IN_PROGRESS
Alias: CVE-2024-45615, CVE-2024-45616, CVE-2024-45617, CVE-2024-45618, CVE-2024-45619, CVE-2024-45620, CVE-2024-8443
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B3 [stable]
Keywords:
Depends on: 945131
Blocks:
Reported: 2024-11-27 06:57 UTC by Sam James
Modified: 2024-11-27 16:24 UTC

See Also:
Package list:
Runtime testing required: ---

Description Sam James (archtester, Gentoo Infrastructure, gentoo-dev, Security) 2024-11-27 06:57:02 UTC
```
-# New in 0.25.0; 2024-04-05
+# New in 0.26.0; 2024-11-13
+
+## Security
+* CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init (#3225)
+* CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc (#3225)
+* CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc (#3225)
+* CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init (#3225)
+* CVE-2024-45619: Incorrect handling length of buffers or files in libopensc (#3225)
+* CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init (#3225)
+* CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key (#3219)
+
[...]
```
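Review bot: The CVE-2024-45619 entry reads "Incorrect handling length of buffers or files in libopensc", dropping the "of the" that the parallel CVE-2024-45620 entry for pkcs15init has; the two lines should use the same wording. The four uninitialized-value entries (CVE-2024-45615 through CVE-2024-45618) and the two length-handling entries all point at the same #3225 and differ only by component and a few words, so a short phrase per entry naming which check was wrong would make them easier to tell apart during triage.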
Comment 1 Larry the Git Cow (gentoo-dev) 2024-11-27 07:12:58 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1e91dd30198e2f15b4c62ce7c4e3112ec858733e

commit 1e91dd30198e2f15b4c62ce7c4e3112ec858733e
Author:     Mario Haustein <mario.haustein@hrz.tu-chemnitz.de>
AuthorDate: 2024-11-24 16:50:51 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-11-27 06:57:17 +0000

    dev-libs/opensc: add 0.26.0
    
    Bug: https://bugs.gentoo.org/945083
    Signed-off-by: Mario Haustein <mario.haustein@hrz.tu-chemnitz.de>
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/opensc/Manifest             |  1 +
 dev-libs/opensc/opensc-0.26.0.ebuild | 87 ++++++++++++++++++++++++++++++++++++
 2 files changed, 88 insertions(+)