Comment 3 for bug 603703

This bug was fixed in the package opensc - 0.11.4-5ubuntu1.1

---------------
opensc (0.11.4-5ubuntu1.1) jaunty-security; urgency=low

  * SECURITY UPDATE: Fix insecure profile handling (LP: #603703)
  - modified src/pkcs15init/asepcos.profile, src/pkcs15init/cardos.profile,
    src/pkcs15init/cyberflex.profile, src/pkcs15init/flex.profile,
    src/pkcs15init/gpk.profile, src/pkcs15init/incrypto34.profile,
    src/pkcs15init/jcop.profile, src/pkcs15init/muscle.profile,
    src/pkcs15init/pkcs15-lib.c, src/pkcs15init/starcos.profile: Backport fix
    from upstream svn#3605. Fixes improper handling of private data in profiles
  - modified etc/opensc.conf.in, src/pkcs11/misc.c: Change the defaults of
    lock_login and soft_keygen_allowed to prevent untrusted applications
    from using the smartcard and preventing unexpected client side key
    generation.
    Patches provided by Debian in Lenny (DSA-1734-1)
  - CVE-2009-0368
 -- Brian Thomason <email address hidden> Fri, 09 Jul 2010 13:55:29 -0400