Enlightenment CVS committal

Author  : mej
Project : eterm
Module  : Eterm

Dir     : eterm/Eterm


Modified Files:
        ChangeLog 


Log Message:
Wed May 14 16:09:04 2008                        Michael Jennings (mej)

(Correct) fix for CVE-2008-1692.  Eterm no longer defaults to using
":0" for $DISPLAY due to the possibility that an attacker can create a
fake X server on a shared system, intercept the Eterm X connection,
and send fake keystrokes to the victim's Eterm to execute arbitrary
commands as that user.

The previous fix, while it did indeed correct the vulnerability, broke
the --display option.  The original fix from Bernhard Link was more
correct, albeit not quite on target.
----------------------------------------------------------------------

===================================================================
RCS file: /cvs/e/eterm/Eterm/ChangeLog,v
retrieving revision 1.448
retrieving revision 1.449
diff -u -3 -r1.448 -r1.449
--- ChangeLog   14 May 2008 22:26:36 -0000      1.448
+++ ChangeLog   14 May 2008 23:16:54 -0000      1.449
@@ -5565,3 +5565,15 @@
 Patch from Emmanuel Anne <[EMAIL PROTECTED]> to fix cut/paste
 with KDE applications.
 ----------------------------------------------------------------------
+Wed May 14 16:09:04 2008                        Michael Jennings (mej)
+
+(Correct) fix for CVE-2008-1692.  Eterm no longer defaults to using
+":0" for $DISPLAY due to the possibility that an attacker can create a
+fake X server on a shared system, intercept the Eterm X connection,
+and send fake keystrokes to the victim's Eterm to execute arbitrary
+commands as that user.
+
+The previous fix, while it did indeed correct the vulnerability, broke
+the --display option.  The original fix from Bernhard Link was more
+correct, albeit not quite on target.
+----------------------------------------------------------------------
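Review bot: the new ChangeLog entry never names the source file or the code path where the ":0" default was removed, and since Modified Files lists only ChangeLog, this commit on its own gives a reader no way to locate the actual fix. Suggest adding the file name (and the affected option handling) to the entry, and stating explicitly that --display and $DISPLAY are now the only sources of the display value, since the entry's mention of the broken --display option is otherwise the only hint at what changed.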



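The commit message above describes the hazard (a terminal that silently falls back to ":0" can be steered onto an attacker's X server on a shared host) and the fix (take the display from --display or $DISPLAY, never guess). The following C program is an added example written for this page; it is not Eterm's code, and the function names, the argv scan and the error message are assumptions for illustration. It places the pre-fix fallback beside the hardened resolver so the difference is visible on the same inputs.

```c
/* Added example (not Eterm's code): resolving which X display a terminal
 * will connect to. resolve_display_unsafe() mirrors the behaviour the commit
 * message describes as vulnerable (fall back to ":0"); resolve_display_safe()
 * honours --display, then $DISPLAY, and otherwise refuses, so a process with
 * no display never silently attaches to whatever is listening on :0.
 * Function names and argument handling are assumptions, not Eterm's API. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Pre-fix logic: a missing or empty display collapses to ":0". */
const char *resolve_display_unsafe(const char *cli_display, const char *env_display)
{
    if (cli_display && *cli_display) return cli_display;
    if (env_display && *env_display) return env_display;
    /* On a multi-user host, :0 may be a fake server planted by another user. */
    return ":0";
}

/* Post-fix logic: --display wins, then $DISPLAY, then NULL (caller must bail out). */
const char *resolve_display_safe(const char *cli_display, const char *env_display)
{
    if (cli_display && *cli_display) return cli_display;
    if (env_display && *env_display) return env_display;
    return NULL;
}

/* Minimal scan for "--display <value>" or "--display=<value>"; NULL if absent. */
const char *find_display_option(int argc, char **argv)
{
    for (int i = 1; i < argc; i++) {
        if (strcmp(argv[i], "--display") == 0 && i + 1 < argc) return argv[i + 1];
        if (strncmp(argv[i], "--display=", 10) == 0) return argv[i] + 10;
    }
    return NULL;
}

int main(int argc, char **argv)
{
    const char *cli = find_display_option(argc, argv);
    const char *env = getenv("DISPLAY");
    const char *disp = resolve_display_safe(cli, env);

    if (!disp) {
        fprintf(stderr, "no display: set $DISPLAY or pass --display; refusing to guess :0\n");
        return 1;
    }
    printf("would connect to X display %s\n", disp);
    return 0;
}
```

Run it with `DISPLAY` unset and no `--display` to see the refusal; with `--display=:7` the option takes precedence over any `$DISPLAY`, which is the behaviour the commit message says the intermediate fix had broken.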
_______________________________________________
enlightenment-cvs mailing list
enlightenment-cvs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-cvs