CVE-2009-1603 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1603): src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted.
0.11.8 has been released to fix this problem.
dev-libs/opensc-0.11.8 is now in the tree.
Please stabilize dev-libs/opensc-0.11.8.
Stable on alpha.
16 May 2009; Tobias Klausmann <klausman@gentoo.org> ChangeLog: Stable on alpha, bug #269920
(In reply to comment #5) > 16 May 2009; Tobias Klausmann <klausman@gentoo.org> ChangeLog: > Stable on alpha, bug #269920 Fixed. Thanks for the heads up.
Stable for HPPA.
x86 stable
ppc64 done
ppc done
arm/ia64/m68k/s390/sh/sparc stable
amd64 stable, all arches done.
Ready to vote, I vote YES.
YES too, request filed.
Reverted rbu's last change, only 0.11.7 is affected.
GLSA 200908-01, thanks everyone.