From geddis at apple.com Tue Jul 31 14:48:31 2018 From: geddis at apple.com (Shawn A. Geddis) Date: Tue, 31 Jul 2018 14:48:31 -0700 Subject: [Tokend-Dev] [SCSSU-201801] Addresses CVE-2018-4300 & CVE-2018-4301 in Project Message-ID: <5FDC5E3F-CD95-41B6-B4B4-712D17D67A75@apple.com> SmartCardServices Community, I wanted to highlight that a security fix [SCSSU-201801] for addressing the following CVEs was merged into the project on May 28, 2018. They will be included in the next release of installers. However, each one of you that has developed your own Tokend for macOS, will want to ensure you pickup the changes. The fix was noted in PR-155 And the source code diffs are at Files Changed if any of you have any questions, fire away here on the list. - Shawn _____________________________________________________________________ Shawn Geddis geddis @ {icloud, me, mac} . com Security and Certifications Engineer geddis @ {apple} . com  Platform Security / SEAR Apple Inc. Smart Card Services Project/Dev Lead: Project Wiki: [https://smartcardservices.github.io ] Mailing Lists: [Lists.MacOSForge.Org/mailman/listinfo ] SCS Contact: [scs-cotact at macosforge.org ] SCS Admin: [scs-admin at macosforge.org ] _____________________________________________________________________ -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3395 bytes Desc: not available URL: