* CVE-2020-26570 The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init. Report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24316 Patch: https://github.com/OpenSC/OpenSC/commit/6903aebfddc466d966c7b865fae34572bf3ed23e * CVE-2020-26571 The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init. Patch: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20612 * CVE_2020-26572 The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher. Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22967 Patch: https://github.com/OpenSC/OpenSC/commit/9d294de90d1cc66956389856e60b6944b27b4817
Should be fixed in the upcoming 0.21.0: https://github.com/OpenSC/OpenSC/commit/c4a75eb1c20130fee03f29c8ffb802003abd8883.
0.21.0 is released with the fixes.
0.21.0 is out
Bumped in https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=654dd726c0606a4b6ff37628cd6f7dcde3255290. Let us know when ready to stable.
Ready?
amd64 done
ppc done
ppc64 done
arm done
x86 done all arches done
Please cleanup.
some forgotten bug.