tags 375281 +security +patch
severity 375281 grave
thanks

This is certainly a security issue that introduces a hole which allows
access to other user accounts. Thus, I'm raising the severity level
accordingly.

Attached is a patch taken from the gdm2 CVS archive (diffing the
relevant files between GDM2_2_14_7 and GDM2_2_14_8) which should fix
this issue. This applies ok to the 2.14.5 package currently in
unstable.
Sarge is not affected as the vulnerable code has only been introduced
with 2.8.
Alternatively, it also seems fixed in the newer upstream releases of GDM,
so perhaps these could be packaged instead.
When fixing, please upload with high priority and mention the CVE id
(CVE-2006-2452) in the changelog.
Many thanks,
Neil McGovern
--
<liw> the hacklab room is the one with a pirate flag, and a venezuelan flag,
and a third flag
<liw> the other hacklab room is the "other hacklab room"

