Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE Request -- kde-workspace 4.10.5 fixing two security flaws
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 16 Jul 2013 10:11:49 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/16/2013 09:49 AM, Jan Lieskovsky wrote:
Hello Kurt, Steve, vendors,

while not listed in the announcement: [1]
http://www.kde.org/announcements/announce-4.10.5.php

looks like kde-workspace v4.10.5 fixed two security flaws (the
second one a minor one):

* Issue #1 - Possible NULL pointer dereference in KDM and
KCheckPass when glibc 2.17 (eglibc 2.17) or FIPS enabled system
used Bug: https://git.reviewboard.kde.org/r/111261/ Relevant
patches: 
https://projects.kde.org/projects/kde/kde-workspace/repository/revisions/45b7f137fbc0b942fd2c9b4e8d8c1f0293e64ba7


https://projects.kde.org/projects/kde/kde-workspace/repository/revisions/7777194da6154375fc8103b8c4e29e385cd7ae2e

Please use CVE-2013-4132 for this issue.

* Issue #2 - Plasma desktop is leaking memory in X if some system
tray icon is blinking Bug:
https://bugs.kde.org/show_bug.cgi?id=314919 Relevant patch: 
https://projects.kde.org/projects/kde/kde-workspace/repository/revisions/2c810db3e41d56ad7dd8ec3436f3cf3abcc31983

Please

use CVE-2013-4133 for this issue.

Could you allocate CVE ids for these?

Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat
Security Response Team



- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJR5XDFAAoJEBYNRVNeJnmTLfIP/RVTSMmLYJumi0W8x/E30KZ2
3cUMqoaG5u5SHV8yMgqM+rCshGIyrmnsNvGo7GCVR2ARCfhYJcphVhfKswKKlzty
8mTS/0NHdqoOUhkPCHeN6PuLcN6RhPxJuCiCyknIYscLBiBVwyCK9jqx/nzjN3/A
FKXXho67VI3CkXgrrSV/xjMa4suP2dtvqrQva+VBuk4jrYRSQUdO9IvS0lAMc2Mt
ztiaLlEfKIXBg+M7SrDVaiYcSHQq1pEjeS2XBAMhcg4LDdEkrUzEnNlNJVxLQaVM
rhnz1kgf+xl0z0kX1mQFI/svsQLr0TAXeQapux61YFOTlaW2RGeg9IIXPm2syptJ
VZTd+iO678y0rk5OhSD1KQsnB/noE+cLlWCZAkOGh4NUnYjjhn/WjLHpHTrnuiop
wzg7HNEBYg+q39kCb6sOSzBu1HiHX0i95klwaxSK0TXDk0Css1s5jOiuA+GdXJdg
WAC0XF3vOlQiLGzj3qJnVYTDgdI9e8YqzO1ntSnkah5v1o5/cnAL4BjYd8n+JC5o
42WcMVPvtO7Zf7MzLPLAuBRNk7T6aF8YV2xZVbJI2FYhMhZKntxYMneXIow45WV1
wRkwAcSB+tkgY/Fk5CP3fRjBVDzjPF2jpzL5SKJfmcZyKili8oTqo0M+g80JXR4Q
/71x+Y7C1a8MxylbH9Jf
=1Pm8
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault