Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
package/opensc: security bump to version 0.26.0
Fixes the following security vulnerabilities: 0.25.0: CVE-2023-5992: Side-channel leaks while stripping encryption PKCS#1.5 padding in OpenSC https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992 CVE-2024-1454: Potential use-after-free in AuthentIC driver during card enrollment in pkcs15init https://github.com/OpenSC/OpenSC/wiki/CVE-2024-1454 0.26.0: CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init GHSA-3q68-hm47-94vg CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc GHSA-2mjg-798r-mxwh CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc GHSA-cf2w-h975-2fpg CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init GHSA-f2v6-mw6x-qmwc CVE-2024-45619: Incorrect handling length of buffers or files in libopensc GHSA-9vxw-3j77-cj78 CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init GHSA-9c2g-6v5v-57qg CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key GHSA-mgc5-p43f-72pc Release notes: https://github.com/OpenSC/OpenSC/releases/tag/0.26.0 Signed-off-by: Peter Korsgaard <[email protected]> Signed-off-by: Julien Olivain <[email protected]>
- Loading branch information
