Bug 49881 (CVE-2004-0097)

Summary: VUL-0: CVE-2004-0097: pwlib: multiple vulnerabilities
Product: [Novell Products] SUSE Security Incidents
Reporter: Thomas Biege <thomas>
Component: Incidents
Assignee: Thomas Biege <thomas>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: security-team
Version: unspecified
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard: CVE-2004-0097: CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Attachments: pwlib_1.2.5-5woody1.diff, patchinfo-box.pwlib, patchinfo.pwlib

Description Thomas Biege 2004-02-23 21:18:01 UTC
Hi Klaus. 
Debian published an advisory about several security related bugs in pwlib. 
Can you prepare a security update, please?
(SLEC, SL8.0 - STABLE) 
 
Patchinfo files will follow in a few minutes.
Comment 1 Thomas Biege 2004-02-23 21:18:01 UTC
http://www.debian.org/security/2004/dsa-448
Comment 2 Thomas Biege 2004-02-23 21:33:30 UTC
Created attachment 16124
pwlib_1.2.5-5woody1.diff
Comment 3 Thomas Biege 2004-02-23 21:36:27 UTC
Hi Chris, 
this affects your baby. What do you think about testing? 
Comment 4 Thomas Biege 2004-02-23 21:46:03 UTC
Created attachment 16125
patchinfo-box.pwlib
Comment 5 Thomas Biege 2004-02-23 21:47:36 UTC
Created attachment 16126
patchinfo.pwlib
Comment 6 Klaus Kämpf 2004-02-23 22:20:55 UTC
Wow, great diff ... :-} 
 
--- pwlib-1.2.5.orig/src/ptclib/asner.cxx.orig 
+++ pwlib-1.2.5/src/ptclib/asner.cxx.orig 
@@ -0,0 +1,4453 @@ 
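Review bot: the file header targets src/ptclib/asner.cxx.orig and the hunk range `@@ -0,0 +1,4453 @@` creates it as a new 4453-line file, which looks like a backup copy left behind by an earlier patch run rather than part of the security fix. Suggest regenerating the diff with `*.orig` files excluded, so that only the actual changes to asner.cxx remain to be reviewed and applied.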
 
Frankly, I don't have time currently for this. If someone sees this as 
extremely important, please say so. 
 
IIRC, pwlib is not a default package  
Comment 7 Thomas Biege 2004-02-23 22:33:53 UTC
 
It is important. 
Comment 8 Thomas Biege 2004-02-24 16:43:26 UTC
Yes there are A LOT of rejects... *sigh* 
 
I will handle this within this week. 
 
Klaus you will owe me a beer for this. ;) 
Comment 9 Thomas Biege 2004-02-25 00:57:20 UTC
build packages for: 
- 8.0 
- 8.1 
- 8.2 
- 9.0 
- SLEC 
 
*I avoid fixing STABLE, because in this case an update can be used for 
fixing.* 
 
 
I'll submit packages tomorrow.... 
Comment 10 Klaus Kämpf 2004-02-25 01:04:36 UTC
STABLE already has pwlib 1.6.3pre1  
Comment 11 Thomas Biege 2004-02-25 01:21:51 UTC
And this new version includes all the patches?
Comment 12 Thomas Biege 2004-02-25 01:50:44 UTC
packages submitted.... 
Comment 13 Thomas Biege 2004-02-25 03:12:32 UTC
Klaus, 
if stable includes all the patches, reassign this bug to me please. 
Comment 14 Thomas Biege 2004-02-26 21:32:26 UTC
submitted new packages  
Comment 15 Klaus Kämpf 2004-02-29 23:28:52 UTC
back to Thomas 
Comment 16 Klaus Kämpf 2004-02-29 23:48:27 UTC
The code in STABLE either is rewritten or has the fixes in place.
Comment 17 Thomas Biege 2004-03-15 18:58:24 UTC
packages approved (YOU only test). 
Comment 18 Marcus Meissner 2007-11-30 10:41:50 UTC
CVE-2004-0097
Comment 19 Thomas Biege 2009-10-13 20:15:12 UTC
CVE-2004-0097: CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)