oss-sec mailing list archives

Re: Re: [LightDM] Version 1.0.6 released

From: Yves-Alexis Perez <corsac () debian org>
Date: Wed, 02 Nov 2011 17:31:23 +0100

On mer., 2011-11-02 at 10:16 -0600, Kurt Seifried wrote:

On 11/02/2011 09:54 AM, Yves-Alexis Perez wrote:

On mer., 2011-11-02 at 11:42 -0400, Robert Ancell wrote:

Fixes a security issue where using ~/.Xauthority as a symlink would
cause LightDM to set the destination of the link to user ownership.
All users of 1.0.4 or 1.0.5 should upgrade immediately.

Overview of changes in lightdm 1.0.6

    * Use lchown for correcting ownership of ~/.Xauthority instead of chown


Could a CVE be assigned for this?

Regards,

Can you send me the link to this announcement so I can confirm it? Thanks.


Here's the link to the mailing list mail:
http://lists.freedesktop.org/archives/lightdm/2011-November/000178.html 

Regards,
-- 
Yves-Alexis

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

Re: [LightDM] Version 1.0.6 released Yves-Alexis Perez (Nov 02)
- Re: Re: [LightDM] Version 1.0.6 released Kurt Seifried (Nov 02)
  - Re: Re: [LightDM] Version 1.0.6 released Yves-Alexis Perez (Nov 02)
    - Re: Re: [LightDM] Version 1.0.6 released Kurt Seifried (Nov 02)
    - Re: Re: [LightDM] Version 1.0.6 released Marc Deslauriers (Nov 09)
    - Re: Re: [LightDM] Version 1.0.6 released Guido Berhoerster (Nov 10)
    - Re: Re: [LightDM] Version 1.0.6 released Robert Ancell (Nov 10)
    - Re: Re: [LightDM] Version 1.0.6 released Guido Berhoerster (Nov 11)
    - Re: Re: [LightDM] Version 1.0.6 released John Haxby (Nov 11)
    - Re: Re: [LightDM] Version 1.0.6 released Marc Deslauriers (Nov 11)
    - Re: Re: [LightDM] Version 1.0.6 released Yves-Alexis Perez (Nov 22)
    - Re: Re: [LightDM] Version 1.0.6 released Marc Deslauriers (Nov 22)
    - Re: Re: [LightDM] Version 1.0.6 released Guido Berhoerster (Nov 22)

(Thread continues...)