Bug#725902: marked as done (slim: CVE-2013-4412: NULL pointer dereference)

Sat, 22 Feb 2014 09:21:48 -0800 

Your message dated Sat, 22 Feb 2014 17:19:45 +0000
with message-id <[email protected]>
and subject line Bug#725902: fixed in slim 1.3.6-0.1
has caused the Debian Bug report #725902,
regarding slim: CVE-2013-4412: NULL pointer dereference
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
725902: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725902
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: slim
Severity: important
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for slim.

CVE-2013-4412[0]:
NULL ptr dereference

Upstream fix is at [1] and as eglibc (>= 2.17) is only in jessie and
unstable it does not affect oldstable and stable.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4412
    http://security-tracker.debian.org/tracker/CVE-2013-4412
[1] 
http://git.berlios.de/cgi-bin/cgit.cgi/slim/commit/?id=fbdfae3b406b1bb6f4e5e440e79b9b8bb8f071f

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: slim
Source-Version: 1.3.6-0.1

We believe that the bug you reported is fixed in the latest version of
slim, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mateusz Łukasik <[email protected]> (supplier of updated slim package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 22 Feb 2014 09:58:00 +0100
Source: slim
Binary: slim
Architecture: source amd64
Version: 1.3.6-0.1
Distribution: unstable
Urgency: medium
Maintainer: Nobuhiro Iwamatsu <[email protected]>
Changed-By: Mateusz Łukasik <[email protected]>
Description: 
 slim       - desktop-independent graphical login manager for X11
Closes: 689781 692148 698257 705883 725902
Changes: 
 slim (1.3.6-0.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * New upstream release:
     - Added systemd support. (Closes: #692148)
     - Fixed CVE-2013-4412. (Closes: #725902)
   * Add debian/watch.
   * debian/control:
     - Update build depends for new version.
     - Bump standards version to 3.9.5.
   * Add fvwm to slim.conf. (Closes: #689781)
   * Remove debian/patches/disable_log.patch -- no longer needed.
   * Update debian/slim.init:
     - Use lsb init functions in the init script file. (Closes: #698257)
     - Run dbus before slim. (Closes: #705883)
   * Refresh debian/patches/slim-fix-env-alloc.patch.
   * Rewrite debian/copyright.
Checksums-Sha1: 
 df06fee52193f7b7d355f8a0a202588e63c3d9d7 1893 slim_1.3.6-0.1.dsc
 9407ea2ee7b2ed649f17a8ddbf1f7b26a7c7b9fb 232547 slim_1.3.6.orig.tar.gz
 f228e3f3a0fb24eb683a92c1f471c0b2cd8e09b1 917440 slim_1.3.6-0.1.debian.tar.xz
 4c3131d4dea9c1b7057e02b5736df6e9d312fca6 1170996 slim_1.3.6-0.1_amd64.deb
Checksums-Sha256: 
 6f650f5dbdb07dbdd48539cf362fb9770460f918c9594abe00c71484b8d9fbd8 1893 
slim_1.3.6-0.1.dsc
 21defeed175418c46d71af71fd493cd0cbffd693f9d43c2151529125859810df 232547 
slim_1.3.6.orig.tar.gz
 05e82c14c8946562093b8d1fe03ef25f48e8e4afeba6e0cf35676a3b3daa39b6 917440 
slim_1.3.6-0.1.debian.tar.xz
 1d4393bc17d35bef1a22dee2670953881515a28832bd1dec08a8bcfb6b0413b3 1170996 
slim_1.3.6-0.1_amd64.deb
Files: 
 373b4f68ce5d81ea55c15e4ca3494b1d 1893 x11 optional slim_1.3.6-0.1.dsc
 d40d256394f9ef34cef34d2aa9cb52e6 232547 x11 optional slim_1.3.6.orig.tar.gz
 9e9715a966e329af79afae0b8066ef2a 917440 x11 optional 
slim_1.3.6-0.1.debian.tar.xz
 7ce800927f4b652b67a8e305545cea39 1170996 x11 optional slim_1.3.6-0.1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJTCNjkAAoJEHQmOzf1tfkTmw0P/3KcfMcDeaaW/I83ZcqHjwWc
Si1/D3OVh7aBCqQ8LFqziRh6/QTwmODhIB6riZsTIKx3mxpOnAdwTJap+eIu8IHD
6H50X3UttLweAtywZAsZio3CWieG2jHmwTaARQFa6b/QoJeAvx/i1V/YNja2h99N
G+2XvKXuHz268nPh5VPhbhgvVe4vOO+QNP1FvN88gVJ+GKYaiuhQGfEckyb5sawV
wANd5hz3ReTNisGQ80lC6uQmcGc/G5YMKKKTSFv/1vtYFNvfhpfAnABgQuQ7dyVz
FdJaDZixll1TT6Jqf/NaBmyWbpOZR+ngROw7X/yDpHbjuw4tnQ58IYOMD2mt7Ndd
fWqgbNA4oZxfV8o5M3EM4/wSO45tKJO2CQLyV96+CIzErqTimY+ZoyhwS4Uwsxob
3wfLpWxtMALZulmNhvikVOsYtW0C4xX3+8xMYw48ILqvML95DRDR7N+rrYJ6U3AD
WDjLNzoUGvHl5dUXKwPN0iBMC9wORk93n8BKmzjxBWL+QsKyMx/D52Rt0BhoK5zw
8vA6WLcf5AbHGL9ztzVfoEFEbe9dIcAdQCHpjX+pPnoNChdBDgNBCWTweh8j8G00
EAksqDCNJKmyWTPD3LA7EoYYL97GJVvSsboGjUkylgZrKx/MYdmsNjutOd1iMwxa
i2jgad66dsz0oW5VhpmP
=TJiU
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to