oss-sec mailing list archives

Re: CVE Request -- kde-workspace 4.10.5 fixing two security flaws


From: "mancha" <mancha1 () hush com>
Date: Tue, 16 Jul 2013 18:49:34 +0000

On Tue, 16 Jul 2013 15:50:25 +0000 "Jan Lieskovsky" wrote:
Hello Kurt, Steve, vendors,

 while not listed in the announcement:
 [1] http://www.kde.org/announcements/announce-4.10.5.php

looks like kde-workspace v4.10.5 fixed two security flaws
(the second one a minor one):

* Issue #1 - Possible NULL pointer dereference in KDM and KCheckPass
  when glibc 2.17 (eglibc 2.17) or FIPS enabled system used
  Bug: https://git.reviewboard.kde.org/r/111261/
  Relevant patches:
  https://projects.kde.org/projects/kde/kde-workspace/repository/revisions/45b7f137fbc0b942fd2c9b4e8d8c1f0293e64ba7
  https://projects.kde.org/projects/kde/kde-workspace/repository/revisions/7777194da6154375fc8103b8c4e29e385cd7ae2e

Hi Jan et al.

Actually, issue #1's fix (CVE-2013-4132) just missed the tag/release
deadline for 4.10.5 by a day or two. The FIXED-IN entry in the
revision comment is inaccurate.

Distribs, when upgrading to kde-workspace 4.10.5, should apply
https://projects.kde.org/projects/kde/kde-workspace/repository/revisions/45b7f137fbc0b942fd2c9b4e8d8c1f0293e64ba7.

Best,

--mancha

