Bug#1055539: bookworm-pu: package opensc/0.23.0-0.3+deb12u1

To: submit <submit@bugs.debian.org>
Subject: Bug#1055539: bookworm-pu: package opensc/0.23.0-0.3+deb12u1
From: Bastian Germann <bage@debian.org>
Date: Wed, 8 Nov 2023 02:15:36 +0100
Message-id: <[🔎] 937f7719-5ba6-4c35-aa52-cfc0116fa771@debian.org>
Reply-to: Bastian Germann <bage@debian.org>, 1055539@bugs.debian.org

Package: release.debian.org
Control: affects -1 + src:opensc
X-Debbugs-Cc: opensc@packages.debian.org
User: release.debian.org@packages.debian.org
Usertags: pu
Tags: bookworm
Severity: normal

[ Reason ]
opensc in bookworm is vulnerable for CVE-2023-4535, CVE-2023-40660, CVE-2023-40661.

[ Impact ]
User can be attacked via the CVE vectors.

[ Tests ]
No automated tests. I have not exploited the CVEs.

[ Risks ]

I have left out two patches of CVE-2023-40661 because they change code that is not yet available inthe bookworm release. There might be side effects of not applying them


[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

Reply to:

Follow-Ups:
- Processed: bookworm-pu: package opensc/0.23.0-0.3+deb12u1
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#1055539: bookworm-pu: package opensc/0.23.0-0.3+deb12u1
  - From: Bastian Germann <bage@debian.org>
- Bug#1055539: bookworm-pu: package opensc/0.23.0-0.3+deb12u1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Processed: Re: Bug#1055539: bookworm-pu: package opensc/0.23.0-0.3+deb12u1
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: NEW changes in oldstable-new
Next by Date: Processed: bookworm-pu: package opensc/0.23.0-0.3+deb12u1
Previous by thread: Re: rust-grep-regex REMOVED from testing
Next by thread: Processed: bookworm-pu: package opensc/0.23.0-0.3+deb12u1
Index(es):
- Date
- Thread