Bug 49881 (CVE-2004-0097) - VUL-0: CVE-2004-0097: pwlib: multiple vulnerabilities
Summary: VUL-0: CVE-2004-0097: pwlib: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2004-0097
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: All Linux
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Thomas Biege
QA Contact: Security Team bot
URL:
Whiteboard: CVE-2004-0097: CVSS v2 Base Score: 10...
Keywords:
Depends on:
Blocks:
 
Reported: 2004-02-23 21:18 UTC by Thomas Biege
Modified: 2021-09-29 14:59 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
pwlib_1.2.5-5woody1.diff (146.71 KB, patch)
2004-02-23 21:33 UTC, Thomas Biege 		Details | Diff
patchinfo-box.pwlib (547 bytes, text/plain)
2004-02-23 21:46 UTC, Thomas Biege 		Details
patchinfo.pwlib (373 bytes, text/plain)
2004-02-23 21:47 UTC, Thomas Biege 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Biege 2004-02-23 21:18:01 UTC 
Hi Klaus. 
Debian published an advisory about several security related bugs in pwlib. 
Can you prepare a security update please. 
(SLEC, SL8.0 - STABLE) 
 
Patchinfo files will follow in a few minutes.
Comment 1 Thomas Biege 2004-02-23 21:18:01 UTC 
<!-- SBZ_reproduce  -->
http://www.debian.org/security/2004/dsa-448
Comment 2 Thomas Biege 2004-02-23 21:33:30 UTC 
Created attachment 16124 [details]
pwlib_1.2.5-5woody1.diff
Comment 3 Thomas Biege 2004-02-23 21:36:27 UTC 
Hi Chris, 
this affects your baby. What do you think about testing?
Comment 4 Thomas Biege 2004-02-23 21:46:03 UTC 
Created attachment 16125 [details]
patchinfo-box.pwlib
Comment 5 Thomas Biege 2004-02-23 21:47:36 UTC 
Created attachment 16126 [details]
patchinfo.pwlib
Comment 6 Klaus Kämpf 2004-02-23 22:20:55 UTC 
Wow, great diff ... :-} 
 
--- pwlib-1.2.5.orig/src/ptclib/asner.cxx.orig 
+++ pwlib-1.2.5/src/ptclib/asner.cxx.orig 
@@ -0,0 +1,4453 @@ 
 
Frankly, I don't have time currently for this. If someone sees this as 
extremely important, please say so. 
 
IIRC, pwlib is not a default package
Comment 7 Thomas Biege 2004-02-23 22:33:53 UTC 
 
It is important.
Comment 8 Thomas Biege 2004-02-24 16:43:26 UTC 
Yes there are A LOT of rejects... *sigh* 
 
I will handle this within this week. 
 
Klaus you will owe me a beer for this. ;)
Comment 9 Thomas Biege 2004-02-25 00:57:20 UTC 
build packages for: 
- 8.0 
- 8.1 
- 8.2 
- 9.0 
- SLEC 
 
*I avoid fixing STABLE, because in this case an update can be used for 
fixing.* 
 
 
I'll submit packages tomorrow....
Comment 10 Klaus Kämpf 2004-02-25 01:04:36 UTC 
STABLE already has pwlib 1.6.3pre1
Comment 11 Thomas Biege 2004-02-25 01:21:51 UTC 
and this new version includes all the patches?
Comment 12 Thomas Biege 2004-02-25 01:50:44 UTC 
packages submitted....
Comment 13 Thomas Biege 2004-02-25 03:12:32 UTC 
Klaus, 
if stable includes all the patches, reassign this bug to me please.
Comment 14 Thomas Biege 2004-02-26 21:32:26 UTC 
submitted new packages
Comment 15 Klaus Kämpf 2004-02-29 23:28:52 UTC 
back to Thomas
Comment 16 Klaus Kämpf 2004-02-29 23:48:27 UTC 
the code is stable either is rewritten or has the fixes in place
Comment 17 Thomas Biege 2004-03-15 18:58:24 UTC 
packages approved (YOU only test).
Comment 18 Marcus Meissner 2007-11-30 10:41:50 UTC 
CVE-2004-0097
Comment 19 Thomas Biege 2009-10-13 20:15:12 UTC 
CVE-2004-0097: CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)