File _patchinfo of Package patchinfo.18765

<patchinfo incident="18765">
  <issue tracker="bnc" id="1149746">VUL-1: CVE-2019-15945: opensc: an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string</issue>
  <issue tracker="bnc" id="1177380">VUL-0: CVE-2020-26571: opensc: The gemsafe GPK smart card software driver has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.</issue>
  <issue tracker="bnc" id="1158256">VUL-1: CVE-2019-19479: opensc: incorrect read operation during parsing of a SETCOS file attribute</issue>
  <issue tracker="bnc" id="1170809">VUL-1: CVE-2019-20792: opensc: double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check</issue>
  <issue tracker="bnc" id="1177378">VUL-0: CVE-2020-26572: opensc: TCOS smart card software driver has a stack-based buffer overflow in tcos_decipher.</issue>
  <issue tracker="bnc" id="1158307">VUL-1: CVE-2019-19480: opensc: improper free operation in sc_pkcs15_decode_prkdf_entry</issue>
  <issue tracker="bnc" id="1177364">VUL-0: CVE-2020-26570: opensc: Oberthur smart card software driver in OpenSC has a heap-based buffer overflow in sc_oberthur_read_file.</issue>
  <issue tracker="bnc" id="1149747">VUL-1: CVE-2019-15946: opensc: out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry</issue>
  <issue tracker="cve" id="2019-15945"/>
  <issue tracker="cve" id="2019-15946"/>
  <issue tracker="cve" id="2019-19479"/>
  <issue tracker="cve" id="2019-19480"/>
  <issue tracker="cve" id="2019-20792"/>
  <issue tracker="cve" id="2020-26570"/>
  <issue tracker="cve" id="2020-26571"/>
  <issue tracker="cve" id="2020-26572"/>
  <packager>jsikes</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for opensc</summary>
  <description>This update for opensc fixes the following issues:
	  
- CVE-2019-15945: Fixed an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string (bsc#1149746).
- CVE-2019-15946: Fixed an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry (bsc#1149747)
- CVE-2019-19479: Fixed an incorrect read operation during parsing of a SETCOS file attribute (bsc#1158256)
- CVE-2019-19480: Fixed an improper free operation in sc_pkcs15_decode_prkdf_entry (bsc#1158307).
- CVE-2019-20792: Fixed a double free in coolkey_free_private_data (bsc#1170809). 
- CVE-2020-26570: Fixed a buffer overflow in sc_oberthur_read_file (bsc#1177364).
- CVE-2020-26571: Fixed a stack-based buffer overflow in gemsafe GPK smart card software driver (bsc#1177380)
- CVE-2020-26572: Fixed a stack-based buffer overflow in tcos_decipher (bsc#1177378).
</description>
</patchinfo>