Request 631973: Incident yubico-piv-tool - openSUSE Build Service

This request supersedes: request 631969 (Show diff)

Overview

Request 631973 accepted

- Added CVE-2018-14779.patch: Fixed an buffer overflow and an out of bounds
memory read in ykpiv_transfer_data(), which could be triggered by a malicious
token. (CVE-2018-14779, bsc#1104809, YSA-2018-03)
- Added CVE-2018-14780.patch: Fixed an buffer overflow and an out of bounds
memory read in _ykpiv_fetch_object(), which could be triggered by a malicious
token. (CVE-2018-14780, bsc#1104811, YSA-2018-03)

Created by kbabioch over 5 years ago
In state accepted
Supersedes 631969

Incident yubico-piv-tool

Comments for request 631973 1
Comments for request 631969 1

Leap Reviewbot (leaper) - over 5 years ago

home:kbabioch:branches:openSUSE:Leap:42.3:Update/yubico-piv-tool@a62c5c510b0030c2bb3052f61b418282 -> openSUSE:Leap:42.3:Update/yubico-piv-tool

expected origin is 'openSUSE:Leap:42.2' (changed)

Login required, please login in order to comment

Leap Reviewbot (leaper) - over 5 years ago

home:kbabioch:branches:openSUSE:Leap:42.3:Update/yubico-piv-tool@df07739824407a73444cc1889b7ebdba -> openSUSE:Leap:42.3:Update/yubico-piv-tool

expected origin is 'openSUSE:Leap:42.2' (changed)

Login required, please login in order to comment

Request History

kbabioch created request over 5 years ago

- Added CVE-2018-14779.patch: Fixed an buffer overflow and an out of bounds
memory read in ykpiv_transfer_data(), which could be triggered by a malicious
token. (CVE-2018-14779, bsc#1104809, YSA-2018-03)
- Added CVE-2018-14780.patch: Fixed an buffer overflow and an out of bounds
memory read in _ykpiv_fetch_object(), which could be triggered by a malicious
token. (CVE-2018-14780, bsc#1104811, YSA-2018-03)

factory-auto accepted review over 5 years ago

Check script succeeded

licensedigger accepted review over 5 years ago

ok

maintbot added yubico-piv-tool as a reviewer over 5 years ago

Submission for yubico-piv-tool by someone who is not maintainer in the devel project (security). Please review

maintbot accepted review over 5 years ago

ok

Simmphonie accepted review over 5 years ago

ok

Simmphonie approved review over 5 years ago

ok

kbabioch moved maintenance target to openSUSE:Maintenance:8675 over 5 years ago

kbabioch accepted request over 5 years ago

accepted request 631973:Thanks!

For information about the update, see https://build.opensuse.org/project/maintenance_incidents/openSUSE:Maintenance

openSUSE Build Service is sponsored by