Summary: | x11-misc/xscreensaver Authentication flaw (CVE-2007-1859) | |
---|---|---|---
Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | normal | |
Priority: | High | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | http://secunia.com/advisories/25065/ | |
Whiteboard: | B? [glsa] jaervosz | |
Package list: | | Runtime testing required: | ---
Attachments: | | |

Description
Sune Kloppenborg Jeppesen (RETIRED)
2007-04-30 14:35:09 UTC
drac please advise.

Could you attach the patch mentioned? I'm working on upgrading xscreensaver as we speak but I would like to verify it really fixes this issue.

Created attachment 117844 [details, diff]
xscreensaver-4.18-check-for-null-passwd-entry.patch

(In reply to comment #4)
> Created an attachment (id=117844) [edit]
> xscreensaver-4.18-check-for-null-passwd-entry.patch
>

Confirming it's fixed in 5.02.

Samuli, is 5.x ready for stable marking?

Also did you find any detailed public information about this yet?

(In reply to comment #6)
> Samuli, is 5.x ready for stable marking?

5.02 fixing this issue is ready to go stable, and bug 167688 should be marked duplicate of it.

>
> Also did you find any detailed public information about this yet?
>

Couldn't find any information about it.

Calling arch security liaisons. Please test and mark stable. Bug #167688 will be duped once this goes public. I guess alpha and mips can unCC themselves from it though.

xscreensaver-5.01-nsfw.patch does not apply:

 * Applying xscreensaver-5.01-nsfw.patch ...
 * Failed Patch: xscreensaver-5.01-nsfw.patch !
 * ( /usr/portage/x11-misc/xscreensaver/files/xscreensaver-5.01-nsfw.patch )
 *
 * Include in your bugreport the contents of:
 *
 * /var/tmp/paludis/x11-misc/xscreensaver-5.02/temp//xscreensaver-5.01-nsfw.patch-17175.out

Back to ebuild status to get this fixed.

(In reply to comment #10)
> Back to ebuild status to get this fixed.
>

Oops, overlooked patch used for USE="-offensive". Fixed patch is in CVS, thanks Corsair for not using offensive material. :-)

Back to stable again then :)

ppc64 stable

sparc stable.

amd64 stable

Alpha stable.

I'll get to it tomorrow, I just got back and need to recover from the trip

I'm not able to do the security stuff until 11th of May. For more information look at my devaway. Adding JeR to all security relevant bugs.

*** Bug 176913 has been marked as a duplicate of this bug. ***

Opening since this is public now and replacing arch security liaisons with arches.

ppc stable

ia64 + x86 stable and removing security liaisons.

Stable for HPPA.

This one is ready for GLSA vote. I vote YES.

vote YES too.

s/A/B since it's under certain configurations only

GLSA 200705-14

mips has 5.03 stable, per Bug #195253.