Date: Wed, 02 Nov 2011 16:54:09 +0100 From: Yves-Alexis Perez <corsac@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: [LightDM] Version 1.0.6 released On mer., 2011-11-02 at 11:42 -0400, Robert Ancell wrote: > Fixes a security issue where using ~/.Xauthority as a symlink would > cause LightDM to set the destination of the link to user ownership. > All users of 1.0.4 or 1.0.5 should upgrade immediately. > > Overview of changes in lightdm 1.0.6 > > * Use lchown for correcting ownership of ~/.Xauthority instead of chown Could a CVE be assigned for this? Regards, -- Yves-Alexis Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ