Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Tue, 16 Jul 2013 10:11:49 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Jan Lieskovsky <jlieskov@...hat.com>,
        "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE Request -- kde-workspace 4.10.5 fixing two
 security flaws

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/16/2013 09:49 AM, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
> 
> while not listed in the announcement: [1]
> http://www.kde.org/announcements/announce-4.10.5.php
> 
> looks like kde-workspace v4.10.5 fixed two security flaws (the
> second one a minor one):
> 
> * Issue #1 - Possible NULL pointer dereference in KDM and
> KCheckPass when glibc 2.17 (eglibc 2.17) or FIPS enabled system
> used Bug: https://git.reviewboard.kde.org/r/111261/ Relevant
> patches: 
> https://projects.kde.org/projects/kde/kde-workspace/repository/revisions/45b7f137fbc0b942fd2c9b4e8d8c1f0293e64ba7
>
> 
https://projects.kde.org/projects/kde/kde-workspace/repository/revisions/7777194da6154375fc8103b8c4e29e385cd7ae2e

Please use CVE-2013-4132 for this issue.

> * Issue #2 - Plasma desktop is leaking memory in X if some system
> tray icon is blinking Bug:
> https://bugs.kde.org/show_bug.cgi?id=314919 Relevant patch: 
> https://projects.kde.org/projects/kde/kde-workspace/repository/revisions/2c810db3e41d56ad7dd8ec3436f3cf3abcc31983

Please
> 
use CVE-2013-4133 for this issue.

> Could you allocate CVE ids for these?
> 
> Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat
> Security Response Team
> 


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJR5XDFAAoJEBYNRVNeJnmTLfIP/RVTSMmLYJumi0W8x/E30KZ2
3cUMqoaG5u5SHV8yMgqM+rCshGIyrmnsNvGo7GCVR2ARCfhYJcphVhfKswKKlzty
8mTS/0NHdqoOUhkPCHeN6PuLcN6RhPxJuCiCyknIYscLBiBVwyCK9jqx/nzjN3/A
FKXXho67VI3CkXgrrSV/xjMa4suP2dtvqrQva+VBuk4jrYRSQUdO9IvS0lAMc2Mt
ztiaLlEfKIXBg+M7SrDVaiYcSHQq1pEjeS2XBAMhcg4LDdEkrUzEnNlNJVxLQaVM
rhnz1kgf+xl0z0kX1mQFI/svsQLr0TAXeQapux61YFOTlaW2RGeg9IIXPm2syptJ
VZTd+iO678y0rk5OhSD1KQsnB/noE+cLlWCZAkOGh4NUnYjjhn/WjLHpHTrnuiop
wzg7HNEBYg+q39kCb6sOSzBu1HiHX0i95klwaxSK0TXDk0Css1s5jOiuA+GdXJdg
WAC0XF3vOlQiLGzj3qJnVYTDgdI9e8YqzO1ntSnkah5v1o5/cnAL4BjYd8n+JC5o
42WcMVPvtO7Zf7MzLPLAuBRNk7T6aF8YV2xZVbJI2FYhMhZKntxYMneXIow45WV1
wRkwAcSB+tkgY/Fk5CP3fRjBVDzjPF2jpzL5SKJfmcZyKili8oTqo0M+g80JXR4Q
/71x+Y7C1a8MxylbH9Jf
=1Pm8
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.