Date: Tue, 16 Jul 2013 18:49:34 +0000
From: "mancha" <mancha1@...h.com>
To: oss-security@...ts.openwall.com, jlieskov@...hat.com
Cc: coley@...us.mitre.org
Subject: Re: CVE Request -- kde-workspace 4.10.5 fixing two security flaws

On Tue, 16 Jul 2013 15:50:25 +0000 "Jan Lieskovsky" wrote:
>Hello Kurt, Steve, vendors,
>
>  while not listed in the announcement:
>  http://www.kde.org/announcements/announce-4.10.5.php
>
>looks like kde-workspace v4.10.5 fixed two security flaws
>(the second one a minor one):
>
>* Issue #1 - Possible NULL pointer dereference in KDM and
>KCheckPass when glibc 2.17 (eglibc 2.17) or FIPS enabled system
>used
>  Bug: https://git.reviewboard.kde.org/r/111261/
>  Relevant patches:
>  https://projects.kde.org/projects/kde/kde-workspace/repository/revisions/45b7f137fbc0b942fd2c9b4e8d8c1f0293e64ba7
>  https://projects.kde.org/projects/kde/kde-workspace/repository/revisions/7777194da6154375fc8103b8c4e29e385cd7ae2e

Hi Jan et al.

Actually, issue #1's fix (CVE-2013-4132) just missed the tag/release
deadline for 4.10.5 by a day or two. The FIXED-IN entry in the revision
comment is inaccurate.

Distribs, when upgrading to kde-workspace 4.10.5, should apply
https://projects.kde.org/projects/kde/kde-workspace/repository/revisions/45b7f137fbc0b942fd2c9b4e8d8c1f0293e64ba7.

Best,

--mancha