Bug#1055539: bookworm-pu: package opensc/0.23.0-0.3+deb12u1
Am 08.11.23 um 02:15 schrieb Bastian Germann:
[x] attach debdiff against the package in (old)stable
diff -Nru opensc-0.23.0/debian/changelog opensc-0.23.0/debian/changelog
--- opensc-0.23.0/debian/changelog 2023-06-01 20:30:18.000000000 +0000
+++ opensc-0.23.0/debian/changelog 2023-11-08 00:26:46.000000000 +0000
@@ -1,3 +1,12 @@
+opensc (0.23.0-0.3+deb12u1) bookworm; urgency=medium
+
+ * Team upload
+ * Fix CVE-2023-4535 with two upstream patches (Closes: #1055520)
+ * Fix CVE-2023-40660 with upstream patch (Closes: #1055521)
+ * Fix CVE-2023-40661 with upstream patches (Closes: #1055522)
+
+ -- Bastian Germann <bage@debian.org> Wed, 08 Nov 2023 01:26:46 +0100
+
opensc (0.23.0-0.3) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru opensc-0.23.0/debian/patches/0006-CVE-2023-4535.patch opensc-0.23.0/debian/patches/0006-CVE-2023-4535.patch
--- opensc-0.23.0/debian/patches/0006-CVE-2023-4535.patch 1970-01-01 00:00:00.000000000 +0000
+++ opensc-0.23.0/debian/patches/0006-CVE-2023-4535.patch 2023-11-08 00:26:46.000000000 +0000
@@ -0,0 +1,54 @@
+Origin: https://github.com/OpenSC/OpenSC/commit/cde2e050ec4f2f1b7db38429aa4e9c0f4656308c
+From: Peter Popovec <popovec.peter@gmail.com>
+Date: Wed, 26 Apr 2023 13:22:09 +0200
+Subject: NULL pointer fix
+
+Thanks to the clang analyzer:
+ Null pointer passed to 2nd parameter expecting 'nonnull'
+ [clang-analyzer-core.NonNullParamChecker]
+
+ modified: src/libopensc/card-myeid.c
+---
+ src/libopensc/card-myeid.c | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/src/libopensc/card-myeid.c b/src/libopensc/card-myeid.c
+index 31dd209f3e..951c179f1b 100644
+--- a/src/libopensc/card-myeid.c
++++ b/src/libopensc/card-myeid.c
+@@ -1973,6 +1973,9 @@ myeid_enc_dec_sym(struct sc_card *card, const u8 *data, size_t datalen,
+ return_len = block_size - pad_byte;
+ }
+ *outlen = return_len;
++ /* application can request buffer size or actual buffer size is too small */
++ if (out == NULL)
++ LOG_FUNC_RETURN(ctx, SC_SUCCESS);
+ if (return_len > *outlen)
+ LOG_FUNC_RETURN(ctx, SC_ERROR_BUFFER_TOO_SMALL);
+ memcpy(out, priv->sym_plain_buffer, return_len);
+@@ -2042,10 +2045,11 @@ myeid_enc_dec_sym(struct sc_card *card, const u8 *data, size_t datalen,
+ priv->sym_crypt_buffer_len = 0;
+ rest_len = 0;
+ }
+- memcpy(sdata, data, apdu_datalen);
+- data += apdu_datalen;
+- datalen -= apdu_datalen;
+-
++ if (data) {
++ memcpy(sdata, data, apdu_datalen);
++ data += apdu_datalen;
++ datalen -= apdu_datalen;
++ }
+ r = sc_transmit_apdu(card, &apdu);
+ LOG_TEST_RET(ctx, r, "APDU transmit failed");
+ r = sc_check_sw(card, apdu.sw1, apdu.sw2);
+@@ -2084,7 +2088,8 @@ myeid_enc_dec_sym(struct sc_card *card, const u8 *data, size_t datalen,
+ /* save rest of data for next run */
+ priv->sym_crypt_buffer_len = datalen;
+ sc_log(ctx, "rest data len = %zu", datalen);
+- memcpy(priv->sym_crypt_buffer, data, datalen);
++ if (data)
++ memcpy(priv->sym_crypt_buffer, data, datalen);
+ sc_log(ctx, "return data len = %zu", return_len);
+ *outlen = return_len;
+ return SC_SUCCESS;
diff -Nru opensc-0.23.0/debian/patches/0007-CVE-2023-4535.patch opensc-0.23.0/debian/patches/0007-CVE-2023-4535.patch
--- opensc-0.23.0/debian/patches/0007-CVE-2023-4535.patch 1970-01-01 00:00:00.000000000 +0000
+++ opensc-0.23.0/debian/patches/0007-CVE-2023-4535.patch 2023-11-08 00:26:46.000000000 +0000
@@ -0,0 +1,39 @@
+Origin: https://github.com/OpenSC/OpenSC/commit/f1993dc4e0b33050b8f72a3558ee88b24c4063b2
+From: Peter Popovec <popovec.peter@gmail.com>
+Date: Tue, 27 Jun 2023 09:50:42 +0200
+Subject: myeid: fixed CID 380538 Out-of-bounds read (OVERRUN)
+
+also fixes output buffer size checking
+---
+ src/libopensc/card-myeid.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/src/libopensc/card-myeid.c b/src/libopensc/card-myeid.c
+index 4ee4246840..50e78ff1d8 100644
+--- a/src/libopensc/card-myeid.c
++++ b/src/libopensc/card-myeid.c
+@@ -1986,18 +1986,20 @@ myeid_enc_dec_sym(struct sc_card *card, const u8 *data, size_t datalen,
+ sc_log(ctx, "Found padding byte %02x", pad_byte);
+ if (pad_byte == 0 || pad_byte > block_size)
+ LOG_FUNC_RETURN(ctx, SC_ERROR_WRONG_PADDING);
+- sdata = priv->sym_plain_buffer + block_size - pad_byte;
++ sdata = priv->sym_plain_buffer + block_size;
+ for (i = 0; i < pad_byte; i++)
+- if (sdata[i] != pad_byte)
++ if (*(--sdata) != pad_byte)
+ LOG_FUNC_RETURN(ctx, SC_ERROR_WRONG_PADDING);
+ return_len = block_size - pad_byte;
+ }
+- *outlen = return_len;
+ /* application can request buffer size or actual buffer size is too small */
+- if (out == NULL)
++ if (out == NULL) {
++ *outlen = return_len;
+ LOG_FUNC_RETURN(ctx, SC_SUCCESS);
++ }
+ if (return_len > *outlen)
+ LOG_FUNC_RETURN(ctx, SC_ERROR_BUFFER_TOO_SMALL);
++ *outlen = return_len;
+ memcpy(out, priv->sym_plain_buffer, return_len);
+ sc_log(ctx, "C_DecryptFinal %zu bytes", *outlen);
+ return SC_SUCCESS;
diff -Nru opensc-0.23.0/debian/patches/0008-CVE-2023-40660.patch opensc-0.23.0/debian/patches/0008-CVE-2023-40660.patch
--- opensc-0.23.0/debian/patches/0008-CVE-2023-40660.patch 1970-01-01 00:00:00.000000000 +0000
+++ opensc-0.23.0/debian/patches/0008-CVE-2023-40660.patch 2023-11-08 00:26:46.000000000 +0000
@@ -0,0 +1,50 @@
+Origin: https://github.com/OpenSC/OpenSC/commit/868f76fb31255fd3fdacfc3e476452efeb61c3e7
+From: Frank Morgner <frankmorgner@gmail.com>
+Date: Wed, 21 Jun 2023 12:27:23 +0200
+Subject: Fixed PIN authentication bypass
+
+If two processes are accessing a token, then one process may leave the
+card usable with an authenticated PIN so that a key may sign/decrypt any
+data. This is especially the case if the token does not support a way of
+resetting the authentication status (logout).
+
+We have some tracking of the authentication status in software via
+PKCS#11, Minidriver (os-wise) and CryptoTokenKit, which is why a
+PIN-prompt will appear even though the card may technically be unlocked
+as described in the above example. However, before this change, an empty
+PIN was not verified (likely yielding an error during PIN-verification),
+but it was just checked whether the PIN is authenticated. This defeats
+the purpose of the PIN verification, because an empty PIN is not the
+correct one. Especially during OS Logon, we don't want that kind of
+shortcut, but we want the user to verify the correct PIN (even though
+the token was left unattended and authentication at the computer).
+
+This essentially reverts commit e6f7373ef066cfab6e3162e8b5f692683db23864.
+---
+ src/libopensc/pkcs15-pin.c | 13 -------------
+ 1 file changed, 13 deletions(-)
+
+diff --git a/src/libopensc/pkcs15-pin.c b/src/libopensc/pkcs15-pin.c
+index 80a185fecd..393234efe4 100644
+--- a/src/libopensc/pkcs15-pin.c
++++ b/src/libopensc/pkcs15-pin.c
+@@ -307,19 +307,6 @@ sc_pkcs15_verify_pin(struct sc_pkcs15_card *p15card, struct sc_pkcs15_object *pi
+ LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_PIN_REFERENCE);
+ auth_info = (struct sc_pkcs15_auth_info *)pin_obj->data;
+
+- /*
+- * if pin cache is disabled, we can get here with no PIN data.
+- * in this case, to avoid error or unnecessary pin prompting on pinpad,
+- * check if the PIN has been already verified and the access condition
+- * is still open on card.
+- */
+- if (pinlen == 0) {
+- r = sc_pkcs15_get_pin_info(p15card, pin_obj);
+-
+- if (r == SC_SUCCESS && auth_info->logged_in == SC_PIN_STATE_LOGGED_IN)
+- LOG_FUNC_RETURN(ctx, r);
+- }
+-
+ r = _validate_pin(p15card, auth_info, pinlen);
+
+ if (r)
diff -Nru opensc-0.23.0/debian/patches/0009-CVE-2023-40661.patch opensc-0.23.0/debian/patches/0009-CVE-2023-40661.patch
--- opensc-0.23.0/debian/patches/0009-CVE-2023-40661.patch 1970-01-01 00:00:00.000000000 +0000
+++ opensc-0.23.0/debian/patches/0009-CVE-2023-40661.patch 2023-11-08 00:26:46.000000000 +0000
@@ -0,0 +1,40 @@
+Origin: https://github.com/OpenSC/OpenSC/commit/245efe608d083fd4e4ec96793fdefd218e26fde7
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Thu, 17 Aug 2023 13:54:42 +0200
+Subject: pkcs15: Avoid buffer overflow when getting last update
+
+Thanks oss-fuzz
+
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60769
+---
+ src/libopensc/pkcs15.c | 16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/src/libopensc/pkcs15.c b/src/libopensc/pkcs15.c
+index eb7fc6afcd..4215b733a8 100644
+--- a/src/libopensc/pkcs15.c
++++ b/src/libopensc/pkcs15.c
+@@ -532,7 +532,7 @@ sc_pkcs15_get_lastupdate(struct sc_pkcs15_card *p15card)
+ struct sc_context *ctx = p15card->card->ctx;
+ struct sc_file *file = NULL;
+ struct sc_asn1_entry asn1_last_update[C_ASN1_LAST_UPDATE_SIZE];
+- unsigned char *content, last_update[32];
++ unsigned char *content, last_update[32] = {0};
+ size_t lupdate_len = sizeof(last_update) - 1;
+ int r, content_len;
+ size_t size;
+@@ -569,9 +569,11 @@ sc_pkcs15_get_lastupdate(struct sc_pkcs15_card *p15card)
+ if (r < 0)
+ return NULL;
+
+- p15card->tokeninfo->last_update.gtime = strdup((char *)last_update);
+- if (!p15card->tokeninfo->last_update.gtime)
+- return NULL;
++ if (asn1_last_update[0].flags & SC_ASN1_PRESENT) {
++ p15card->tokeninfo->last_update.gtime = strdup((char *)last_update);
++ if (!p15card->tokeninfo->last_update.gtime)
++ return NULL;
++ }
+ done:
+ sc_log(ctx, "lastUpdate.gtime '%s'", p15card->tokeninfo->last_update.gtime);
+ return p15card->tokeninfo->last_update.gtime;
diff -Nru opensc-0.23.0/debian/patches/0010-CVE-2023-40661.patch opensc-0.23.0/debian/patches/0010-CVE-2023-40661.patch
--- opensc-0.23.0/debian/patches/0010-CVE-2023-40661.patch 1970-01-01 00:00:00.000000000 +0000
+++ opensc-0.23.0/debian/patches/0010-CVE-2023-40661.patch 2023-11-08 00:26:46.000000000 +0000
@@ -0,0 +1,27 @@
+Origin: https://github.com/OpenSC/OpenSC/commit/440ca666eff10cc7011901252d20f3fc4ea23651
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Thu, 17 Aug 2023 13:41:36 +0200
+Subject: setcos: Avoid buffer underflow
+
+Thanks oss-fuzz
+
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60672
+---
+ src/pkcs15init/pkcs15-setcos.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/pkcs15init/pkcs15-setcos.c b/src/pkcs15init/pkcs15-setcos.c
+index 1b56afe6d9..1907b47f9d 100644
+--- a/src/pkcs15init/pkcs15-setcos.c
++++ b/src/pkcs15init/pkcs15-setcos.c
+@@ -349,6 +349,10 @@ setcos_create_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
+
+ /* Replace the path of instantiated key template by the path from the object data. */
+ memcpy(&file->path, &key_info->path, sizeof(file->path));
++ if (file->path.len < 2) {
++ sc_file_free(file);
++ LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Invalid path");
++ }
+ file->id = file->path.value[file->path.len - 2] * 0x100
+ + file->path.value[file->path.len - 1];
+
diff -Nru opensc-0.23.0/debian/patches/0011-CVE-2023-40661.patch opensc-0.23.0/debian/patches/0011-CVE-2023-40661.patch
--- opensc-0.23.0/debian/patches/0011-CVE-2023-40661.patch 1970-01-01 00:00:00.000000000 +0000
+++ opensc-0.23.0/debian/patches/0011-CVE-2023-40661.patch 2023-11-08 00:26:46.000000000 +0000
@@ -0,0 +1,26 @@
+Origin: https://github.com/OpenSC/OpenSC/commit/41d61da8481582e12710b5858f8b635e0a71ab5e
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Wed, 20 Sep 2023 10:13:57 +0200
+Subject: oberthur: Avoid buffer overflow
+
+Thanks oss-fuzz
+
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60650
+---
+ src/pkcs15init/pkcs15-oberthur.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/pkcs15init/pkcs15-oberthur.c b/src/pkcs15init/pkcs15-oberthur.c
+index ad2cabd530..c441ab1e76 100644
+--- a/src/pkcs15init/pkcs15-oberthur.c
++++ b/src/pkcs15init/pkcs15-oberthur.c
+@@ -715,6 +715,9 @@ cosm_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
+ if (object->type != SC_PKCS15_TYPE_PRKEY_RSA)
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Create key failed: RSA only supported");
+
++ if (key_info->path.len < 2)
++ LOG_TEST_RET(ctx, SC_ERROR_OBJECT_NOT_VALID, "The path needs to be at least to bytes long");
++
+ sc_log(ctx, "create private key ID:%s", sc_pkcs15_print_id(&key_info->id));
+ /* Here, the path of private key file should be defined.
+ * Nevertheless, we need to instantiate private key to get the ACLs. */
diff -Nru opensc-0.23.0/debian/patches/0012-CVE-2023-40661.patch opensc-0.23.0/debian/patches/0012-CVE-2023-40661.patch
--- opensc-0.23.0/debian/patches/0012-CVE-2023-40661.patch 1970-01-01 00:00:00.000000000 +0000
+++ opensc-0.23.0/debian/patches/0012-CVE-2023-40661.patch 2023-11-08 00:26:46.000000000 +0000
@@ -0,0 +1,23 @@
+Origin: https://github.com/OpenSC/OpenSC/commit/578aed8391ef117ca64a9e0cba8e5c264368a0ec
+From: Frank Morgner <frankmorgner@gmail.com>
+Date: Thu, 8 Dec 2022 00:27:18 +0100
+Subject: sc_pkcs15init_rmdir: prevent out of bounds write
+
+fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53927
+---
+ src/pkcs15init/pkcs15-lib.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/pkcs15init/pkcs15-lib.c b/src/pkcs15init/pkcs15-lib.c
+index 91cee37310..3df03c6e1f 100644
+--- a/src/pkcs15init/pkcs15-lib.c
++++ b/src/pkcs15init/pkcs15-lib.c
+@@ -685,6 +685,8 @@ sc_pkcs15init_rmdir(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
+
+ path = df->path;
+ path.len += 2;
++ if (path.len > SC_MAX_PATH_SIZE)
++ return SC_ERROR_INTERNAL;
+
+ nfids = r / 2;
+ while (r >= 0 && nfids--) {
diff -Nru opensc-0.23.0/debian/patches/0013-CVE-2023-40661.patch opensc-0.23.0/debian/patches/0013-CVE-2023-40661.patch
--- opensc-0.23.0/debian/patches/0013-CVE-2023-40661.patch 1970-01-01 00:00:00.000000000 +0000
+++ opensc-0.23.0/debian/patches/0013-CVE-2023-40661.patch 2023-11-08 00:26:46.000000000 +0000
@@ -0,0 +1,25 @@
+Origin: https://github.com/OpenSC/OpenSC/commit/c449a181a6988cc1e8dc8764d23574e48cdc3fa6
+From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
+Date: Mon, 19 Jun 2023 16:14:51 +0200
+Subject: pkcs15-cflex: check path length to prevent underflow
+
+Thanks OSS-Fuzz
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58932
+---
+ src/pkcs15init/pkcs15-cflex.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/pkcs15init/pkcs15-cflex.c b/src/pkcs15init/pkcs15-cflex.c
+index d06568073d..ce1d48e62c 100644
+--- a/src/pkcs15init/pkcs15-cflex.c
++++ b/src/pkcs15init/pkcs15-cflex.c
+@@ -56,6 +56,9 @@ cflex_delete_file(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *d
+ int r = 0;
+ /* Select the parent DF */
+ path = df->path;
++ if (path.len < 2) {
++ return SC_ERROR_INVALID_ARGUMENTS;
++ }
+ path.len -= 2;
+ r = sc_select_file(p15card->card, &path, &parent);
+ if (r < 0)
diff -Nru opensc-0.23.0/debian/patches/0014-CVE-2023-40661.patch opensc-0.23.0/debian/patches/0014-CVE-2023-40661.patch
--- opensc-0.23.0/debian/patches/0014-CVE-2023-40661.patch 1970-01-01 00:00:00.000000000 +0000
+++ opensc-0.23.0/debian/patches/0014-CVE-2023-40661.patch 2023-11-08 00:26:46.000000000 +0000
@@ -0,0 +1,25 @@
+Origin: https://github.com/OpenSC/OpenSC/commit/df5a176bfdf8c52ba89c7fef1f82f6f3b9312bc1
+From: Veronika Hanulikova <xhanulik@fi.muni.cz>
+Date: Fri, 10 Feb 2023 11:47:34 +0100
+Subject: Check array bounds
+
+Thanks OSS-Fuzz
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54312
+---
+ src/libopensc/muscle.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/libopensc/muscle.c b/src/libopensc/muscle.c
+index 61a4ec24d8..9d01e0c113 100644
+--- a/src/libopensc/muscle.c
++++ b/src/libopensc/muscle.c
+@@ -181,6 +181,9 @@ int msc_partial_update_object(sc_card_t *card, msc_id objectId, int offset, cons
+ sc_apdu_t apdu;
+ int r;
+
++ if (dataLength + 9 > MSC_MAX_APDU)
++ return SC_ERROR_INVALID_ARGUMENTS;
++
+ sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x54, 0x00, 0x00);
+ apdu.lc = dataLength + 9;
+ if (card->ctx->debug >= 2)
diff -Nru opensc-0.23.0/debian/patches/0015-CVE-2023-40661.patch opensc-0.23.0/debian/patches/0015-CVE-2023-40661.patch
--- opensc-0.23.0/debian/patches/0015-CVE-2023-40661.patch 1970-01-01 00:00:00.000000000 +0000
+++ opensc-0.23.0/debian/patches/0015-CVE-2023-40661.patch 2023-11-08 00:26:46.000000000 +0000
@@ -0,0 +1,37 @@
+Origin: https://github.com/OpenSC/OpenSC/commit/5631e9843c832a99769def85b7b9b68b4e3e3959
+From: Veronika Hanulikova <xhanulik@fi.muni.cz>
+Date: Fri, 3 Mar 2023 16:07:38 +0100
+Subject: Check length of string before making copy
+
+Thanks OSS-Fuzz
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55851
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55998
+---
+ src/pkcs15init/profile.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/pkcs15init/profile.c b/src/pkcs15init/profile.c
+index 2b793b0282..3bad1e8536 100644
+--- a/src/pkcs15init/profile.c
++++ b/src/pkcs15init/profile.c
+@@ -1575,7 +1575,10 @@ do_acl(struct state *cur, int argc, char **argv)
+ while (argc--) {
+ unsigned int op, method, id;
+
++ if (strlen(*argv) >= sizeof(oper))
++ goto bad;
+ strlcpy(oper, *argv++, sizeof(oper));
++
+ if ((what = strchr(oper, '=')) == NULL)
+ goto bad;
+ *what++ = '\0';
+@@ -2288,6 +2291,9 @@ get_authid(struct state *cur, const char *value,
+ return get_uint(cur, value, type);
+ }
+
++ if (strlen(value) >= sizeof(temp))
++ return 1;
++
+ n = strcspn(value, "0123456789x");
+ strlcpy(temp, value, (sizeof(temp) > n) ? n + 1 : sizeof(temp));
+
diff -Nru opensc-0.23.0/debian/patches/series opensc-0.23.0/debian/patches/series
--- opensc-0.23.0/debian/patches/series 2023-06-01 20:30:18.000000000 +0000
+++ opensc-0.23.0/debian/patches/series 2023-11-08 00:26:46.000000000 +0000
@@ -2,3 +2,13 @@
0002-Fix-private-key-import.patch
0003-Log-OpenSSL-errors.patch
0004-pkcs15init-correct-left-length-calculation.patch
+0006-CVE-2023-4535.patch
+0007-CVE-2023-4535.patch
+0008-CVE-2023-40660.patch
+0009-CVE-2023-40661.patch
+0010-CVE-2023-40661.patch
+0011-CVE-2023-40661.patch
+0012-CVE-2023-40661.patch
+0013-CVE-2023-40661.patch
+0014-CVE-2023-40661.patch
+0015-CVE-2023-40661.patch
Reply to: