Bug#973748: sddm: CVE-2020-28049: local privilege escalation due to race condition in creation of the Xauthority file

2020-11-05 Thread Salvatore Bonaccorso
Hi Norbert,
On Thu, Nov 05, 2020 at 09:15:15PM +0900, Norbert Preining wrote:
> Hi Salvatore,
>
> On Thu, 05 Nov 2020, Salvatore Bonaccorso wrote:
> > today, this is the debdiff I just used for the upload. tracker.d.o
> > does not show it yet because the packages are sitting in the embargoed
>

Bug#973748: sddm: CVE-2020-28049: local privilege escalation due to race condition in creation of the Xauthority file

2020-11-05 Thread Norbert Preining
Hi Salvatore,
On Thu, 05 Nov 2020, Salvatore Bonaccorso wrote:
> today, this is the debdiff I just used for the upload. tracker.d.o
> does not show it yet because the packages are sitting in the embargoed
> policy queue on security-master so not yet pushed out to the archive.
Ah, ok, didn't

Bug#973748: sddm: CVE-2020-28049: local privilege escalation due to race condition in creation of the Xauthority file

2020-11-05 Thread Salvatore Bonaccorso
Hi Norbert,
On Thu, Nov 05, 2020 at 08:55:40PM +0900, Norbert Preining wrote:
> Hi Salvatore,
>
> > That is because I did already upload the upload yesterday as with the
> > debdiff attached to the bugreport. But we (Moritz was testing as well)
> > wanted to further test the upload first before

Bug#973748: sddm: CVE-2020-28049: local privilege escalation due to race condition in creation of the Xauthority file

2020-11-05 Thread Norbert Preining
Hi Salvatore,
> That is because I did already upload the upload yesterday as with the
> debdiff attached to the bugreport. But we (Moritz was testing as well)
> wanted to further test the upload first before releasing the DSA.
Ah ok, that explains it. Didn't see any message about it, so

Bug#973748: sddm: CVE-2020-28049: local privilege escalation due to race condition in creation of the Xauthority file

2020-11-05 Thread Salvatore Bonaccorso
Hi Norbert,
On Thu, Nov 05, 2020 at 08:26:07PM +0900, Norbert Preining wrote:
> Hi Salvatore, hi FTP Master,
>
> @Salvatore: thanks for the NMU preparation. We are now preparing a fix
> for unstable via version 0.19, and at the same time I thought I upload
> to buster-security, based on your

Bug#973748: sddm: CVE-2020-28049: local privilege escalation due to race condition in creation of the Xauthority file

2020-11-05 Thread Norbert Preining
Hi Salvatore, hi FTP Master, @Salvatore: thanks for the NMU preparation. We are now preparing a fix for unstable via version 0.19, and at the same time I thought I upload to buster-security, based on your patch, But, uploading to security-master with dput I got the following answer: On Thu, 05

Bug#973748: sddm: CVE-2020-28049: local privilege escalation due to race condition in creation of the Xauthority file

2020-11-04 Thread Salvatore Bonaccorso
Hi,
On Wed, Nov 04, 2020 at 01:52:12PM +0100, Salvatore Bonaccorso wrote:
> Source: sddm
> Version: 0.18.1-1
> Severity: grave
> Tags: security upstream
> Justification: user security hole
> X-Debbugs-Cc: car...@debian.org, Debian Security Team
>
>
> Hi,
>
> The following vulnerability was

Bug#973748: sddm: CVE-2020-28049: local privilege escalation due to race condition in creation of the Xauthority file

2020-11-04 Thread Salvatore Bonaccorso
Source: sddm
Version: 0.18.1-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for sddm.
CVE-2020-28049[0]:
| local privilege escalation due to race condition in