| Summary: | kde-base/kdm and kde-base/kdebase: Local Denial of Service (CVE-2007-5963) |
|---|---|
| Product: | Gentoo Security |
| Component: | Vulnerabilities |
| Reporter: | Robert Buchholz (RETIRED) <rbu> |
| Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED |
| Severity: | minor |
| Priority: | High |
| CC: | armin76, beandog, corsair, dertobi123, fauli, ferdy, jer, philantrop, tsunam, welp, wolf31o2 |
| Version: | unspecified |
| Hardware: | All |
| OS: | Linux |
| Whiteboard: | B3 [noglsa] |
| Package list: | |
| Runtime testing required: | --- |
Description
Robert Buchholz (RETIRED)
Wulf, please do not commit anything yet. I'll attach a patch. If you want to prepare an ebuild, please attach it to this bug.

Created attachment 137399
post-3.5.8-kdebase-kdm.diff

Fixed in kdm-3.5.8-r1 and kdebase-3.5.8-r2. This is not much of an issue, though.

Now fixed in kdm-3.5.7-r3 and kdebase-3.5.7-r5, too, both of which should be stabilised.

Wulf, did you agree on a disclosure date with upstream?

CC'ing arch security liaisons, wolf31o2 for releng and armin76 and opfer for support :-)

kde-base/kdm-3.5.7-r3:
Target keywords : "alpha amd64 ia64 ppc ppc64 sparc x86"

kde-base/kdebase-3.5.7-r5:
Target keywords : "alpha amd64 hppa ia64 mips ppc ppc64 sparc x86"

(In reply to comment #5)
> kde-base/kdebase-3.5.7-r5:
> Target keywords : "alpha amd64 hppa ia64 mips ppc ppc64 sparc x86"

Stable for x86, kdm to follow by maekke...so watch out.

both ppc stable

ppc64 stable

Created attachment 137716
kdm3-face-dos.diff

Dirk Müller pointed out that a part was missing from the attachment posted on this bug. Attaching that additional hunk.

Stable for HPPA.

alpha/ia64/sparc stable

Adding welp the slacker so he can do it for amd64 if nobody does it before

Aaaaaand! The slacker does it again! Stable on amd64 :-)

This is ready for glsa vote. I vote NO.

no too, and closing. We'll unrestrict it once this goes public.

Upstream won't do anything about it. They don't consider this a real security issue so this bug can be unrestricted.

I was waiting for CVE-2007-5963 to get public, but Dirk also stated it is no longer under embargo. Unrestricting.

(In reply to comment #16)
> Upstream won't do anything about it. They don't consider this a real security
> issue so this bug can be unrestricted.

To clarify, they ARE going to fix it for the next upstream release, but just don't feel it warrants an advisory.

Does not affect current (2008.0) release. Removing release.