oss-sec mailing list archives

CVE Request -- kde-workspace 4.10.5 fixing two security flaws


From: Jan Lieskovsky <jlieskov () redhat com>
Date: Tue, 16 Jul 2013 11:49:57 -0400 (EDT)

Hello Kurt, Steve, vendors,

  while not listed in the announcement:
  [1] http://www.kde.org/announcements/announce-4.10.5.php

looks like kde-workspace v4.10.5 fixed two security flaws
(the second one a minor one):

* Issue #1 - Possible NULL pointer dereference in KDM and KCheckPass
             when glibc 2.17 (eglibc 2.17) or FIPS enabled system used
             Bug: https://git.reviewboard.kde.org/r/111261/
             Relevant patches:
               https://projects.kde.org/projects/kde/kde-workspace/repository/revisions/45b7f137fbc0b942fd2c9b4e8d8c1f0293e64ba7
               https://projects.kde.org/projects/kde/kde-workspace/repository/revisions/7777194da6154375fc8103b8c4e29e385cd7ae2e

* Issue #2 - Plasma desktop is leaking memory in X if some system tray icon is blinking
             Bug: https://bugs.kde.org/show_bug.cgi?id=314919
             Relevant patch:
               https://projects.kde.org/projects/kde/kde-workspace/repository/revisions/2c810db3e41d56ad7dd8ec3436f3cf3abcc31983

Could you allocate CVE ids for these?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

