Bug#918744: stretch-pu: package opensc/0.1.9-1~deb9u1
On Sat, 2019-02-09 at 14:13 +0000, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
>
> On Tue, 2019-01-08 at 23:59 +0100, Hilko Bengen wrote:
> > I'd like to update opensc in stretch to 0.1.9-1~deb9u1 in order to
> > fix a regression that introduced with the last update, 0.1.6-
> > 3+deb9u1, in an attempt to fix security issues (see #910786 for
> > details).
> >
> > I am aware that this is by no means a minimal change. I have tried
> > to
> > fix the backported patch that broke Yubikey NEO support for me, but
> > I
> > have not been able to restore functionality without reverting the
> > patch that fixed a CVE-worthy buffer overflow.
> >
> > Because I own no other smartcard hardware, I cannot tell if the
> > other
> > patches that were introduced with 0.16.0-3+deb9u1 broke any other
> > hardware support.
>
> Apologies for not getting back to you sooner.
>
> Reading through the changelog between the two Debian versions, there
> are several changes that we normally would not consider, including a
> switch to Debhelper 11 and a change of supported OpenSSL version.
>
> In order to try and assess the practical impact, would it be possible
> to have a binary debdiff between the current packages and your
> proposed
> upload.
That was over a year ago now, and there doesn't appear to have been any
further response.
We're now planning for the final point release for stretch before it
moves to LTS status, so it may be too late to handle this in practical
terms.
Regards,
Adam
Reply to: