oss-sec mailing list archives
Re: CVE Request - xlockmore 5.43 fixes a security flaw
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 16 Jul 2013 14:18:03 -0600
On 07/16/2013 01:18 PM, mancha wrote:
> Hello Kurt, vendors, et al.
>
> xlockmore 5.43 released 2 days ago with a fix for a security flaw related to potential NULL pointer dereferences when authenticating via glibc 2.17+ crypt() and OSF/1 C2 security's dispcrypt().
>
> Under certain conditions the NULL pointers can trigger a crash in xlockmore effectively bypassing the screen lock.
>
> [1] http://www.tux.org/~bagleyd/xlock/xlockmore.README
>
> --mancha

To reiterate: so I can confirm CVE assignments, and prevent duplicate assignments you *MUST* provide links to the code commits/vulnerable code. I don't have the time to go hunting through your source code for them. People need to start making better CVE requests, or you're not going to get CVEs from me.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
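Added illustration, not part of the original thread and not xlockmore's code: the general bug class mancha's report describes, where a crypt()-style call returns NULL and the result is compared without a check, next to a hardened check that keeps the screen locked. `fake_crypt`, both `check_password_*` functions and the sample entries are hypothetical; `fake_crypt` is a constructed stand-in for crypt(3) so the block runs without libcrypt.

```c
#include <stdio.h>
#include <string.h>

/* Same shape as crypt(3): returns the hash string, or NULL on failure. */
typedef char *(*hash_fn)(const char *key, const char *salt);

/* Constructed stand-in for crypt(3), NOT a real hash. It mimics glibc 2.17+,
 * which returns NULL when the salt has bytes outside [A-Za-z0-9./]. */
static char *fake_crypt(const char *key, const char *salt)
{
    static char out[64];
    static const char ok[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
    if (salt == NULL || strlen(salt) < 2 ||
        !strchr(ok, salt[0]) || !strchr(ok, salt[1]))
        return NULL;
    snprintf(out, sizeof out, "%c%c%s", salt[0], salt[1], key);
    return out;
}

/* Unchecked pattern: a NULL return reaches strcmp() and the locker crashes,
 * which removes the lock. Shown for contrast only; never called below. */
int check_password_unsafe(hash_fn h, const char *typed, const char *stored)
{
    return strcmp(h(typed, stored), stored) == 0;
}

/* Hardened pattern: any failure to compute the hash is a failed login. */
int check_password_safe(hash_fn h, const char *typed, const char *stored)
{
    const char *computed;
    if (typed == NULL || stored == NULL)
        return 0;
    computed = h(typed, stored);
    if (computed == NULL)      /* fail closed: stay locked */
        return 0;
    return strcmp(computed, stored) == 0;
}

int main(void)
{
    /* Constructed entries: "absecret" is valid; "!xsecret" has a bad salt. */
    printf("valid entry, right password: %d\n",
           check_password_safe(fake_crypt, "secret", "absecret"));
    printf("bad-salt entry:              %d\n",
           check_password_safe(fake_crypt, "secret", "!xsecret"));
    return 0;
}
```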