Re: CVE Request - Slim 1.3.6 fixes a security issue

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/09/2013 07:03 AM, mancha wrote:
> Hello Kurt, vendors, et al.
>
> Slim 1.3.6 fixes a security flaw related to a potential NULL ptr. 
> dereference when using crypt() from glibc 2.17+ (eglibc 2.17+). 
> Without the fix, malformed or unsupported salts crash the login 
> daemon.
>
> Upstream fix: http://git.berlios.de/cgi- 
> bin/cgit.cgi/slim/commit/?id=fbdfae3b406b1bb6f4e5e440e79b9b8bb8f071f
b
> Would you please allocate a CVE for this issue?
>
> Regards,
>
> --mancha

Please use CVE-2013-4412 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBAgAGBQJSVY0FAAoJEBYNRVNeJnmTmBUQAI7mc7UsIOY00ZgioN9vK+3T
rkEsqaWceujRSMZY/f8hrjmVZvwqQ0ycRTXVZ2GZtYVnGLz2gYGnWB9pR3FBNZ+E
L8XJuBW4ShjVkxuHIZRnWgijB97o3epKRKAKWIipIRYmqtGw9R1Bu4lTebyV3vTt
TPzsfhC+6VZjtbCPZDr899pWKsRv8CAM2zKLPkjuhEzyQ6BZAK/BiBRDGsseM6Po
dTwycNHnzJcZ+mzb59WYwAloe8LpJXEzzc7XNLCjvGijMd1F6ID4fy4gnlKJ45pN
XbnHf0jYlGvOTxAdic9x32r0x5KtMpwqzLukmKoBkntdlBEoLOID4xWy8yBdNGIu
hZ16HBJarcnGmnzbSeHbhcJ+DW9n782qCoUMZTqdHWVysLXmDfdnoJGjdp9oHRq7
gEKWtur3y30s8IBjG7kNesdTniOG7ZEA2pZ5S2zLA0AOPc7A7ogBuVjdefGOB6Er
huvz+as5wgpS/mI7pBfsptrlpaXe1M/aZm90WZf+Q7MFXcvFifDCia1haahwL7nc
5CiICKV1hlASMfuAEFsdhcTrdZ+fEM8Z3nsa27BPUDUuIOCqNSdPUHxD9CzPPjuT
KysGsdtEgbe498LUMC6trtidDFeKMcUqPlCXtBK0z2zi8cJ6WN+VJTqe0oKWGSql
rWPIGof4/DH1P5A3qIzh
=aKYM
-----END PGP SIGNATURE-----