Date: Tue, 16 Jul 2013 18:49:34 +0000
From: "mancha" <mancha1@...h.com>
To: oss-security@...ts.openwall.com, jlieskov@...hat.com
Cc: coley@...us.mitre.org
Subject: Re: CVE Request -- kde-workspace 4.10.5 fixing two security flaws

On Tue, 16 Jul 2013 15:50:25 +0000 "Jan Lieskovsky" wrote:
>Hello Kurt, Steve, vendors,
>
>  while not listed in the announcement:
>  [1] http://www.kde.org/announcements/announce-4.10.5.php
>
>looks like kde-workspace v4.10.5 fixed two security flaws
>(the second one a minor one):
>
>* Issue #1 - Possible NULL pointer dereference in KDM and
>KCheckPass when glibc 2.17 (eglibc 2.17) or FIPS enabled system
>used
> Bug: https://git.reviewboard.kde.org/r/111261/
>             Relevant patches:
>             https://projects.kde.org/projects/kde/kde-workspace/repository/revisions/45b7f137fbc0b942fd2c9b4e8d8c1f0293e64ba7
>             https://projects.kde.org/projects/kde/kde-workspace/repository/revisions/7777194da6154375fc8103b8c4e29e385cd7ae2e

Hi Jan et al.

Actually, issue #1's fix (CVE-2013-4132) just missed the
tag/release deadline for 4.10.5 by a day or two. The FIXED-IN
entry in the revision comment is inaccurate.

Distribs, when upgrading to kde-workspace 4.10.5, should apply
https://projects.kde.org/projects/kde/kde-workspace/repository/revisions/45b7f137fbc0b942fd2c9b4e8d8c1f0293e64ba7.

Best,

--mancha
