oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE Request: lightdm incorrect .Xauthority permissions

From: Marc Deslauriers <marc.deslauriers () canonical com>
Date: Wed, 11 Sep 2013 09:05:07 -0400
Hello,

lightdm before 1.4.3, 1.6.2 and 1.7.14 created .Xauthority files with
world-readable permissions.

Fixed by the following commits:

1.4.x:
http://bazaar.launchpad.net/~lightdm-team/lightdm/1.4/revision/1571
http://bazaar.launchpad.net/~lightdm-team/lightdm/1.4/revision/1576
http://bazaar.launchpad.net/~lightdm-team/lightdm/1.4/revision/1577

1.6.x:
http://bazaar.launchpad.net/~lightdm-team/lightdm/1.6/revision/1641
http://bazaar.launchpad.net/~lightdm-team/lightdm/1.6/revision/1652
http://bazaar.launchpad.net/~lightdm-team/lightdm/1.6/revision/1653

1.7.x:
http://bazaar.launchpad.net/~lightdm-team/lightdm/trunk/revision/1675
http://bazaar.launchpad.net/~lightdm-team/lightdm/trunk/revision/1780
http://bazaar.launchpad.net/~lightdm-team/lightdm/trunk/revision/1781

Bug reports:
https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1175023
https://bugs.launchpad.net/lightdm/+bug/685212
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721744

Could a CVE please be assigned to this issue?

Thanks,

Marc.

-- 
Marc Deslauriers
Ubuntu Security Engineer     | http://www.ubuntu.com/
Canonical Ltd.               | http://www.canonical.com/
Previous By Date Next
Previous By Thread Next

Current thread: