Message-ID: <995448632.1743634.1373989797019.JavaMail.root@redhat.com>
Date: Tue, 16 Jul 2013 11:49:57 -0400 (EDT)
From: Jan Lieskovsky <jlieskov@...hat.com>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: CVE Request -- kde-workspace 4.10.5 fixing two security flaws

Hello Kurt, Steve, vendors,

  while not listed in the announcement:
  [1] http://www.kde.org/announcements/announce-4.10.5.php

looks like kde-workspace v4.10.5 fixed two security flaws
(the second one a minor one):

* Issue #1 - Possible NULL pointer dereference in KDM and KCheckPass
             when glibc 2.17 (eglibc 2.17) or FIPS enabled system used
             Bug: https://git.reviewboard.kde.org/r/111261/
             Relevant patches:
               https://projects.kde.org/projects/kde/kde-workspace/repository/revisions/45b7f137fbc0b942fd2c9b4e8d8c1f0293e64ba7
               https://projects.kde.org/projects/kde/kde-workspace/repository/revisions/7777194da6154375fc8103b8c4e29e385cd7ae2e

* Issue #2 - Plasma desktop is leaking memory in X if some system tray icon is blinking
             Bug: https://bugs.kde.org/show_bug.cgi?id=314919
             Relevant patch:
               https://projects.kde.org/projects/kde/kde-workspace/repository/revisions/2c810db3e41d56ad7dd8ec3436f3cf3abcc31983

Could you allocate CVE ids for these?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
