oss-sec mailing list archives
Re: CVE Request: lightdm incorrect .Xauthority permissions
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 11 Sep 2013 14:47:23 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/11/2013 07:05 AM, Marc Deslauriers wrote:
Hello, lightdm before 1.4.3, 1.6.2 and 1.7.14 created .Xauthority files with world-readable permissions. Fixed by the following commits: 1.4.x: http://bazaar.launchpad.net/~lightdm-team/lightdm/1.4/revision/1571
http://bazaar.launchpad.net/~lightdm-team/lightdm/1.4/revision/1576
http://bazaar.launchpad.net/~lightdm-team/lightdm/1.4/revision/1577 1.6.x: http://bazaar.launchpad.net/~lightdm-team/lightdm/1.6/revision/1641
http://bazaar.launchpad.net/~lightdm-team/lightdm/1.6/revision/1652
http://bazaar.launchpad.net/~lightdm-team/lightdm/1.6/revision/1653 1.7.x: http://bazaar.launchpad.net/~lightdm-team/lightdm/trunk/revision/1675
http://bazaar.launchpad.net/~lightdm-team/lightdm/trunk/revision/1780
http://bazaar.launchpad.net/~lightdm-team/lightdm/trunk/revision/1781 Bug reports: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1175023 https://bugs.launchpad.net/lightdm/+bug/685212 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721744 Could a CVE please be assigned to this issue? Thanks, Marc.
Please use CVE-2013-4331 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iQIcBAEBAgAGBQJSMNbbAAoJEBYNRVNeJnmT0GwP/jdCZQzEbvqF/cdj3isPxdwC PBDIUKbLp0rJg2tnMg9RGPYWj5O6h72i1Dc6UunbBhyHr2JXA0TLyadXhSvVRRTN Mo/kP1Tz92zicUjmzgpLQTGDsKp0QbMQUq3Lo+hHLtGeSaKKVudToVSNm4qhX3/C TryB4a+olKQZ3V49DB+RO6e/2PVYr9Ihs1/BtT4ThxpsoC98OOHGz/YCDXoQLIyU AhXCc+vAlNYnLewL06Dh5OneHuGQzn7DXfn0TJQ8N+Qc9Lit6SbHR+vPOmAL8WXk 7u029cYtQ2YH1q1x7yx8Icdv4RHcIV8chtP5NsmPAxjqUKT+oYb9TPOoVyXBmJfT rRk/4GhfzoX71Jzx4GC1pr0s9ODKGSZROxuzHRyQVoUNL06ya+nZaPC8FOU/yk7F Uk6bGq2b5HJBcH9FInu8SO399uMYs3fZwRz7Ts1llN4FyVqY9jUY1ymMMUIn+OtW DvBXN+F+jbN3v47j8+wFPFW4D+JLaQeinuAJ/ISCaJxix0RNxkr55amNO1hqYnEj IN9KoGvYzGdN/F817ygY2/1/egEbGvmGhxAFwbJyg3F/gtKpGgWAOq3FClcHxlWt c6utr90j1IhMO61khFziiEzz87rWN3BSmdUvE/DtPagf4RSuMVSVq4uqkAxU4unS 5DMkHVOjT6kFx9gEJnTi =garn -----END PGP SIGNATURE-----
Current thread:
- CVE Request: lightdm incorrect .Xauthority permissions Marc Deslauriers (Sep 11)
- Re: CVE Request: lightdm incorrect .Xauthority permissions Kurt Seifried (Sep 11)