Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OPENSC 26 /< #2610

Closed
2 tasks done
necrose99 opened this issue Jan 8, 2025 · 2 comments
Closed
2 tasks done

OPENSC 26 /< #2610

necrose99 opened this issue Jan 8, 2025 · 2 comments
Labels

Comments

@necrose99
Copy link

Checklist

  • I have verified that this is the correct repository, and the package is maintained by the chocolatey-community user.
  • I have verified that this is happening in the latest available version of the package.

Chocolatey Version

2.4.1

Chocolatey License

None

Package Version

26

Current Behaviour

opensc.0.26.0.nupkg.zip

Expected Behaviour

OpenSC 0.22.0 is currently packaged..
https://github.com/OpenSC/OpenSC/releases/tag/0.26.0
Multiple CVE entries fixed,
New in 0.26.0; 2024-11-13
Security
CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init (#3225)
CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc (#3225)
CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc (#3225)
CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init (#3225)
CVE-2024-45619: Incorrect handling length of buffers or files in libopensc (#3225)
CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init (#3225)
CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key (#3219)

Steps To Reproduce

update pkg manually or else

Environment

- Operating System:win11
- PowerShell Version:
- Shell:

Chocolatey Log

na

Anything else?

needs updating

@necrose99 necrose99 added the Bug label Jan 8, 2025
Copy link

github-actions bot commented Jan 8, 2025

Thanks for raising this issue!

The packages within this repository are maintained by a small team of volunteer Community Maintainers, in their own time. Their time, like yours is important. Please help them by not wasting it.

This is a community repository where the expectation is that everybody will get involved by raising pull requests to fix problems they find. This will also allow that problem to be fixed more quickly as you don't have to wait for a member of the Community Maintainer Team to pick it up.

If you are unable to fix the issue yourself, the Community Maintainers Team will look at it when time allows. There are no service level agreements, nor should there be any expectation on when people can resolve issues in their own time.

A few dos and don'ts:

  • Do provide as much information as you can in any issue that you raise.
  • Don't complain that an issue has not yet been picked up or resolved. You are expected to help out in this community maintained repository. If you are unable to do so, don't complain when others don't adhere to your timelines. There is no SLA nor should you have any expectation of one.
  • Do read the CONTRIBUTING and COMMITTERS documentation before raising a pull request as it contains valuable information on what automation is used in this repository.
  • Do read the Code of Conduct.
  • Don't post your frustration in comments. The Community Maintainers Team are not a punching bag for your frustration. You will only end up banned from the repository.

Thank you.
(Automatically posted message)

@corbob
Copy link
Contributor

corbob commented Jan 8, 2025

The package is not maintained on this repository. I would suggest looking at the package source repository, or following the package triage process if that's not working.

@corbob corbob closed this as not planned Won't fix, can't repro, duplicate, stale Jan 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants