oss-sec mailing list archives
CVE Request - Slim 1.3.6 fixes a security issue
From: "mancha" <mancha1 () hush com>
Date: Wed, 09 Oct 2013 13:03:14 +0000
Hello Kurt, vendors, et al. Slim 1.3.6 fixes a security flaw related to a potential NULL ptr. dereference when using crypt() from glibc 2.17+ (eglibc 2.17+). Without the fix, malformed or unsupported salts crash the login daemon. Upstream fix: http://git.berlios.de/cgi- bin/cgit.cgi/slim/commit/?id=fbdfae3b406b1bb6f4e5e440e79b9b8bb8f071f b Would you please allocate a CVE for this issue? Regards, --mancha
Current thread:
- CVE Request - Slim 1.3.6 fixes a security issue mancha (Oct 09)
- Re: CVE Request - Slim 1.3.6 fixes a security issue Kurt Seifried (Oct 09)