slim: CVE-2013-4412: NULL pointer dereference

Related Vulnerabilities: CVE-2013-4412  

Debian Bug report logs - #725902

Package: slim; Maintainer for slim is Nobuhiro Iwamatsu <iwamatsu@debian.org>; Source for slim is src:slim.

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Wed, 9 Oct 2013 20:36:02 UTC

Severity: important

Tags: fixed-upstream, patch, security, upstream

Fixed in version slim/1.3.6-0.1

Done: Mateusz Łukasik <mati75@linuxmint.pl>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Nobuhiro Iwamatsu <iwamatsu@debian.org>:
Bug#725902; Package slim. (Wed, 09 Oct 2013 20:36:06 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Nobuhiro Iwamatsu <iwamatsu@debian.org>. (Wed, 09 Oct 2013 20:36:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: slim: CVE-2013-4412: NULL pointer dereference
Date: Wed, 09 Oct 2013 22:33:07 +0200
Package: slim
Severity: important
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for slim.

CVE-2013-4412[0]:
NULL ptr dereference

Upstream fix is at [1] and as eglibc (>= 2.17) is only in jessie and
unstable it does not affect oldstable and stable.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4412
    http://security-tracker.debian.org/tracker/CVE-2013-4412
[1] http://git.berlios.de/cgi-bin/cgit.cgi/slim/commit/?id=fbdfae3b406b1bb6f4e5e440e79b9b8bb8f071f

Regards,
Salvatore



Reply sent to Mateusz Łukasik <mati75@linuxmint.pl>:
You have taken responsibility. (Sat, 22 Feb 2014 17:21:30 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 22 Feb 2014 17:21:30 GMT)


Message #10 received at 725902-close@bugs.debian.org:

From: Mateusz Łukasik <mati75@linuxmint.pl>
To: 725902-close@bugs.debian.org
Subject: Bug#725902: fixed in slim 1.3.6-0.1
Date: Sat, 22 Feb 2014 17:19:45 +0000
Source: slim
Source-Version: 1.3.6-0.1

We believe that the bug you reported is fixed in the latest version of
slim, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 725902@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mateusz Łukasik <mati75@linuxmint.pl> (supplier of updated slim package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 22 Feb 2014 09:58:00 +0100
Source: slim
Binary: slim
Architecture: source amd64
Version: 1.3.6-0.1
Distribution: unstable
Urgency: medium
Maintainer: Nobuhiro Iwamatsu <iwamatsu@debian.org>
Changed-By: Mateusz Łukasik <mati75@linuxmint.pl>
Description: 
 slim       - desktop-independent graphical login manager for X11
Closes: 689781 692148 698257 705883 725902
Changes: 
 slim (1.3.6-0.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * New upstream release:
     - Added systemd support. (Closes: #692148)
     - Fixed CVE-2013-4412. (Closes: #725902)
   * Add debian/watch.
   * debian/control:
     - Update build depends for new version.
     - Bump standards version to 3.9.5.
   * Add fvwm to slim.conf. (Closes: #689781)
   * Remove debian/patches/disable_log.patch -- no longer needed.
   * Update debian/slim.init:
     - Use lsb init functions in the init script file. (Closes: #698257)
     - Run dbus before slim. (Closes: #705883)
   * Refresh debian/patches/slim-fix-env-alloc.patch.
   * Rewrite debian/copyright.




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 26 Mar 2014 07:25:22 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:59:54 2019; Machine Name: beach
