Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 11 Sep 2013 09:05:07 -0400
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request: lightdm incorrect .Xauthority permissions

Hello,

lightdm before 1.4.3, 1.6.2 and 1.7.14 created .Xauthority files with
world-readable permissions.

Fixed by the following commits:

1.4.x:
http://bazaar.launchpad.net/~lightdm-team/lightdm/1.4/revision/1571
http://bazaar.launchpad.net/~lightdm-team/lightdm/1.4/revision/1576
http://bazaar.launchpad.net/~lightdm-team/lightdm/1.4/revision/1577

1.6.x:
http://bazaar.launchpad.net/~lightdm-team/lightdm/1.6/revision/1641
http://bazaar.launchpad.net/~lightdm-team/lightdm/1.6/revision/1652
http://bazaar.launchpad.net/~lightdm-team/lightdm/1.6/revision/1653

1.7.x:
http://bazaar.launchpad.net/~lightdm-team/lightdm/trunk/revision/1675
http://bazaar.launchpad.net/~lightdm-team/lightdm/trunk/revision/1780
http://bazaar.launchpad.net/~lightdm-team/lightdm/trunk/revision/1781

Bug reports:
https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1175023
https://bugs.launchpad.net/lightdm/+bug/685212
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721744

Could a CVE please be assigned to this issue?

Thanks,

Marc.

-- 
Marc Deslauriers
Ubuntu Security Engineer     | http://www.ubuntu.com/
Canonical Ltd.               | http://www.canonical.com/

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ