Package: yubico-piv-tool | Debian Sources

Package: yubico-piv-tool / 1.4.2-2+deb9u2

Metadata

Package	Version	Patches format
yubico-piv-tool	1.4.2-2+deb9u2	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
0001 lib in ykpiv_transfer_data handle overflow by exitin.patch \| (download)	lib/ykpiv.c \| 5 4 + 1 - 0 ! 1 file changed, 4 insertions(+), 1 deletion(-)	lib: in ykpiv_transfer_data() handle overflow by exiting this is detected and printed, but we never exit the function Thanks to Eric Sesterhenn of x41 D-Sec for reporting this issue to us.
0002 lib in _ykpiv_fetch_object handle bogus length by re.patch \| (download)	lib/ykpiv.c \| 6 6 + 0 - 0 ! 1 file changed, 6 insertions(+)	lib: in _ykpiv_fetch_object() handle bogus length by returning otherwise we might memmove() to much data Thanks to Eric Sesterhenn of x41 D-Sec for reporting this issue to us.

Patch

File delta

Description

0001 lib in ykpiv_transfer_data handle overflow by exitin.patch | (download)

lib/ykpiv.c | 5 4 + 1 - 0 !
1 file changed, 4 insertions(+), 1 deletion(-)

lib: in ykpiv_transfer_data() handle overflow by exiting

this is detected and printed, but we never exit the function

Thanks to Eric Sesterhenn of x41 D-Sec for reporting this issue to us.

0002 lib in _ykpiv_fetch_object handle bogus length by re.patch | (download)

lib/ykpiv.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 lib: in _ykpiv_fetch_object() handle bogus length by returning

otherwise we might memmove() to much data

Thanks to Eric Sesterhenn of x41 D-Sec for reporting this issue to us.