This bug was fixed in the package opensc - 0.11.4-5ubuntu1.1
--------------- opensc (0.11.4-5ubuntu1.1) jaunty-security; urgency=low
* SECURITY UPDATE: Fix insecure profile handling (LP: #603703) - modified src/pkcs15init/asepcos.profile, src/pkcs15init/cardos.profile, src/pkcs15init/cyberflex.profile, src/pkcs15init/flex.profile, src/pkcs15init/gpk.profile, src/pkcs15init/incrypto34.profile, src/pkcs15init/jcop.profile, src/pkcs15init/muscle.profile, src/pkcs15init/pkcs15-lib.c, src/pkcs15init/starcos.profile: Backport fix from upstream svn#3605. Fixes improper handling of private data in profiles - modified etc/opensc.conf.in, src/pkcs11/misc.c: Change the defaults of lock_login and soft_keygen_allowed to prevent untrusted applications from using the smartcard and preventing unexpected client side key generation. Patches provided by Debian in Lenny (DSA-1734-1) - CVE-2009-0368 -- Brian Thomason <email address hidden> Fri, 09 Jul 2010 13:55:29 -0400
This bug was fixed in the package opensc - 0.11.4-5ubuntu1.1
---------------
opensc (0.11.4-5ubuntu1.1) jaunty-security; urgency=low
* SECURITY UPDATE: Fix insecure profile handling (LP: #603703) asepcos. profile, src/pkcs15init/ cardos. profile, pkcs15init/ cyberflex. profile, src/pkcs15init/ flex.profile, pkcs15init/ gpk.profile, src/pkcs15init/ incrypto34. profile, pkcs15init/ jcop.profile, src/pkcs15init/ muscle. profile, pkcs15init/ pkcs15- lib.c, src/pkcs15init/ starcos. profile: Backport fix
- modified src/pkcs15init/
src/
src/
src/
src/
from upstream svn#3605. Fixes improper handling of private data in profiles
- modified etc/opensc.conf.in, src/pkcs11/misc.c: Change the defaults of
lock_login and soft_keygen_allowed to prevent untrusted applications
from using the smartcard and preventing unexpected client side key
generation.
Patches provided by Debian in Lenny (DSA-1734-1)
- CVE-2009-0368
-- Brian Thomason <email address hidden> Fri, 09 Jul 2010 13:55:29 -0400