From ${URL} :

The screen locking application slock (http://tools.suckless.org/slock/) calls crypt(3) and uses the return value for strcmp(3) without checking to see if the return value of crypt(3) was a NULL pointer. If the hash returned by (getspnam()->sp_pwdp) is invalid, crypt(3) will return NULL and set errno to EINVAL. This will cause slock to segfault which then leaves the machine unprotected.

References:
http://seclists.org/oss-sec/2016/q3/328
http://s1m0n.dft-labs.eu/files/slock/

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
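The failure mode described in the report above, shown beside a fail-closed form, as an added example; it is not slock's source and not the patch applied in the ebuild. The names `fake_crypt`, `unlock_unchecked` and `unlock_checked` and the `$toy$` hash format are hypothetical, and `fake_crypt` is a constructed stand-in that models only the NULL/EINVAL behaviour of crypt(3) so the example runs without libcrypt.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Same signature as crypt(3), so a stand-in can be passed in. */
typedef char *(*crypt_fn)(const char *key, const char *setting);

/* Constructed stand-in for crypt(3). It models only the failure contract
 * from the report (NULL and errno = EINVAL for a setting it cannot parse);
 * the "hash" it produces is a toy and not a real password hash. */
char *fake_crypt(const char *key, const char *setting)
{
    static char out[128];
    if (strncmp(setting, "$toy$", 5) != 0) {
        errno = EINVAL;
        return NULL;
    }
    snprintf(out, sizeof out, "$toy$%s", key);
    return out;
}

/* Pattern from the report: the result goes straight into strcmp(3), so an
 * invalid stored hash becomes a NULL dereference and the locker dies. */
int unlock_unchecked(const char *pw, const char *stored, crypt_fn c)
{
    return strcmp(c(pw, stored), stored) == 0;
}

/* Hardened form: a NULL result counts as a failed attempt, so the
 * process keeps running and the screen stays locked. */
int unlock_checked(const char *pw, const char *stored, crypt_fn c)
{
    char *h = c(pw, stored);
    if (h == NULL) {
        fprintf(stderr, "crypt: %s\n", strerror(errno));
        return 0;
    }
    return strcmp(h, stored) == 0;
}

int main(void)
{
    /* Constructed sample values; "!" stands for an invalid sp_pwdp entry. */
    printf("valid hash, right password: %d\n", unlock_checked("hunter2", "$toy$hunter2", fake_crypt));
    printf("valid hash, wrong password: %d\n", unlock_checked("guess", "$toy$hunter2", fake_crypt));
    printf("invalid hash:               %d\n", unlock_checked("hunter2", "!", fake_crypt));
    return 0;
}
```

In a screen locker the safe outcome for any hashing error is to stay locked, which is why the checked form returns 0 rather than exiting.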
Patch applied in =x11-misc/slock-1.3-r3
Arches, please test and mark stable
=x11-misc/slock-1.3-r3
Target keywords: amd64 hppa x86
Stable for HPPA.
amd64 stable
Stable for x86.
Arches and Maintainer(s), Thank you for your work.

GLSA Vote: No

Closing noglsa.