oss-sec mailing list archives

Re: Re: [LightDM] Version 1.0.6 released

From: Guido Berhoerster <gber () opensuse org>
Date: Wed, 2 Nov 2011 17:42:36 +0100

* Kurt Seifried <kseifried () redhat com> [2011-11-02 17:17]:

On 11/02/2011 09:54 AM, Yves-Alexis Perez wrote:

On mer., 2011-11-02 at 11:42 -0400, Robert Ancell wrote:

Fixes a security issue where using ~/.Xauthority as a symlink would
cause LightDM to set the destination of the link to user ownership.
All users of 1.0.4 or 1.0.5 should upgrade immediately.

Overview of changes in lightdm 1.0.6

    * Use lchown for correcting ownership of ~/.Xauthority instead of chown


Could a CVE be assigned for this?

Regards,

Can you send me the link to this announcement so I can confirm it? Thanks.


http://lists.freedesktop.org/archives/lightdm/2011-November/000178.html
-- 
Guido Berhoerster

Current thread:

Re: Re: [LightDM] Version 1.0.6 released, (continued)
- - - Re: Re: [LightDM] Version 1.0.6 released Kurt Seifried (Nov 02)
    - Re: Re: [LightDM] Version 1.0.6 released Marc Deslauriers (Nov 09)
    - Re: Re: [LightDM] Version 1.0.6 released Guido Berhoerster (Nov 10)
    - Re: Re: [LightDM] Version 1.0.6 released Robert Ancell (Nov 10)
    - Re: Re: [LightDM] Version 1.0.6 released Guido Berhoerster (Nov 11)
    - Re: Re: [LightDM] Version 1.0.6 released John Haxby (Nov 11)
    - Re: Re: [LightDM] Version 1.0.6 released Marc Deslauriers (Nov 11)
    - Re: Re: [LightDM] Version 1.0.6 released Yves-Alexis Perez (Nov 22)
    - Re: Re: [LightDM] Version 1.0.6 released Marc Deslauriers (Nov 22)
    - Re: Re: [LightDM] Version 1.0.6 released Guido Berhoerster (Nov 22)
  - Re: Re: [LightDM] Version 1.0.6 released Guido Berhoerster (Nov 02)