[Tokend-Dev] [SCSSU-201801] Addresses CVE-2018-4300 & CVE-2018-4301 in Project

Shawn A. Geddis geddis at apple.com
Tue Jul 31 14:48:31 PDT 2018

SmartCardServices Community,

I wanted to highlight that a security fix [SCSSU-201801] <http://smartcardservices.macosforge.org/trac/wiki/security> for addressing the following CVEs was merged into the project on May 28, 2018.  They will be included in the next release of installers.  However, each one of you that has developed your own Tokend for macOS, will want to ensure you pickup the changes.

The fix was noted in PR-155 <https://github.com/smartcardservices/smartcardservices/pull/155>
And the source code diffs are at Files Changed <https://github.com/smartcardservices/smartcardservices/pull/155/files>

if any of you have any questions, fire away here on the list.

- Shawn
Shawn Geddis				  			        	geddis @ {icloud, me, mac} . com
Security and Certifications Engineer			    	geddis @ {apple} . com
 Platform Security / SEAR
Apple Inc.

Smart Card Services  Project/Dev Lead:                                                                                 
				   Project Wiki:		                 [https://smartcardservices.github.io <https://smartcardservices.github.io/>]
				   Mailing Lists:	         [Lists.MacOSForge.Org/mailman/listinfo <http://lists.macosforge.org/mailman/listinfo>]
				   SCS Contact:			           [scs-cotact at macosforge.org <mailto:scs-cotact at macosforge.org>]
				   SCS Admin:				           [scs-admin at macosforge.org <mailto:scs-admin at macosforge.org>]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/tokend-dev/attachments/20180731/0b6040ad/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3395 bytes
Desc: not available
URL: <http://lists.macosforge.org/pipermail/tokend-dev/attachments/20180731/0b6040ad/attachment.bin>

More information about the Tokend-Dev mailing list