oss-security - CVE Request: lightdm incorrect .Xauthority permissions

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Message-ID: <52306A83.3020904@canonical.com>
Date: Wed, 11 Sep 2013 09:05:07 -0400
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request: lightdm incorrect .Xauthority permissions

Hello,

lightdm before 1.4.3, 1.6.2 and 1.7.14 created .Xauthority files with
world-readable permissions.

Fixed by the following commits:

1.4.x:
http://bazaar.launchpad.net/~lightdm-team/lightdm/1.4/revision/1571
http://bazaar.launchpad.net/~lightdm-team/lightdm/1.4/revision/1576
http://bazaar.launchpad.net/~lightdm-team/lightdm/1.4/revision/1577

1.6.x:
http://bazaar.launchpad.net/~lightdm-team/lightdm/1.6/revision/1641
http://bazaar.launchpad.net/~lightdm-team/lightdm/1.6/revision/1652
http://bazaar.launchpad.net/~lightdm-team/lightdm/1.6/revision/1653

1.7.x:
http://bazaar.launchpad.net/~lightdm-team/lightdm/trunk/revision/1675
http://bazaar.launchpad.net/~lightdm-team/lightdm/trunk/revision/1780
http://bazaar.launchpad.net/~lightdm-team/lightdm/trunk/revision/1781

Bug reports:
https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1175023
https://bugs.launchpad.net/lightdm/+bug/685212
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721744

Could a CVE please be assigned to this issue?

Thanks,

Marc.

-- 
Marc Deslauriers
Ubuntu Security Engineer     | http://www.ubuntu.com/
Canonical Ltd.               | http://www.canonical.com/

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.