Red Hat Bugzilla – Full Text Bug Listing
|Product:||[Other] Security Response||Reporter:||Vincent Danen <vdanen>|
|Component:||vulnerability||Assignee:||Red Hat Product Security <security-response-team>|
|Status:||CLOSED ERRATA||QA Contact:|
|Version:||unspecified||CC:||jreznik, kevin, ltinkl, rdieter, rnovacek, smparrish, than|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2013-04-11 17:42:43 EDT||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:||840627|
Description Vincent Danen 2012-07-16 13:55:56 EDT
Comment 1 Vincent Danen 2012-07-16 13:57:36 EDT
Created kdepim tracking bugs for this issue Affects: fedora-all [bug 840627]
Comment 2 Vincent Danen 2012-07-16 13:58:51 EDT
I've asked upstream for confirmation as to when this was introduced: http://www.openwall.com/lists/oss-security/2012/07/16/3
Comment 3 Ngo Than 2012-07-17 06:43:29 EDT
this issue was committed in december 2000 https://projects.kde.org/projects/kde/kdepim/repository/revisions/a15bbe697a6f139de014309008bb23f2eb8c450c but it's first included in 4.6.0 stable release, so this issue is not affected in rhel =< 6 but in f16,f17 and rawhide.
Comment 4 Ngo Than 2012-07-17 06:52:26 EDT
Comment 5 Vincent Danen 2012-07-17 12:03:04 EDT
That's right, according to upstream's response, this was added in 4.6 or 4.7: http://www.openwall.com/lists/oss-security/2012/07/17/4 Statement: Not vulnerable. This issue did not affect the versions of kdepim as shipped with Red Hat Enterprise Linux 5 or 6.
Comment 6 Vincent Danen 2012-07-17 15:43:53 EDT
This was assigned the name CVE-2012-3413: http://www.openwall.com/lists/oss-security/2012/07/17/11
Comment 7 Fedora Update System 2012-07-19 04:56:43 EDT
kdepim-4.8.4-4.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2012-07-26 18:33:38 EDT
kdepim-4.8.4-4.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.