I reviewed gdm3 version 3.24.2-1ubuntu2 as checked into artful. This
should not be considered a full security audit but a quick gauge of
maintainability.
UCT has two CVEs: first, holding esc key allowed bypassing the lock screen.
Second, one REJECTed CVE that was assigned for the usual "desktop
Override component to main
gdm3 3.24.2-1ubuntu3 in artful: universe/gnome -> main
gdm3 3.24.2-1ubuntu3 in artful amd64: universe/gnome/optional/100% -> main
gdm3 3.24.2-1ubuntu3 in artful arm64: universe/gnome/optional/100% -> main
gdm3 3.24.2-1ubuntu3 in artful armhf: universe/gnome/optional/100%
As Mathieu is currently on holidays and security +1 it, let's get that
moved so that it can be seeded in tomorrow's image. Handling the
promotion.
** Changed in: gdm3 (Ubuntu)
Status: Confirmed => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
** Changed in: gdm3 (Ubuntu)
Assignee: Ubuntu Security Team (ubuntu-security) => Mathieu
Trudel-Lapierre (cyphermox)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1686393
Title:
[MIR] gdm3
Since the decision to use gdm3 has been publicly announced, the Security
Team does not want to hold up gdm3 from being promoted to main. The
security review will continue and the results will be documented here
(with additional bugs filed upstream as necessary) when complete.
Meanwhile, gdm3 can
** Changed in: gdm3 (Ubuntu)
Importance: Undecided => High
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1686393
Title:
[MIR] gdm3
To manage notifications about this bug go to:
Hi Iain, this has not been forgotten, but keeps being superseded with
other work.
Thanks
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1686393
Title:
[MIR] gdm3
To manage notifications about this
Guys?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1686393
Title:
[MIR] gdm3
To manage notifications about this bug go to:
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: gdm3 (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1686393
Title:
I've re-assigned it to security to get the wheels turning again. Turns
out robert's gnome-shell upload didn't completely work without libgdm1
installed. libgdm1 provides gsettings schema that gnome-shell requires.
** Changed in: gdm3 (Ubuntu)
Assignee: (unassigned) => Ubuntu Security Team
lightdm does support GNOME on Wayland. It doesn't currently work on a
default Ubuntu (Unity) 17.04 install because of LP: #1632772 but that
was "fixed" in 17.10 by removing unity8 from the archives. (You're
welcome to remove unity8 from your computer as a workaround.)
--
You received this bug
It's my understanding that gdm is required to start gnome-shell with
wayland. I'm guessing "having lightdm fully support gnome-shell" will
include wayland support?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
I'm setting to Incomplete and unassigning Ubuntu Security for now since
Robert got a basic gnome-shell working without gdm's gir. The Desktop
Team will see what happens with the work on having lightdm fully support
gnome-shell (LP: #1694962) to determine whether this MIR will still be
needed.
**
Seth, some of your lintian warnings are because you are using an old
version of lintian. I don't get any lintian warnings here. 'bash' is
Essential so I'm not sure why a script that specifies /bin/bash would be
an issue.
I filed these bugs upstream:
https://bugzilla.gnome.org/783079 (chown)
I'm just getting started and thought I'd give some early feedback. There
appears to be a lot more noise in the build logs than usual:
- 88 cases of "deprecation warning"
- chown and chmod errors in the build logs (below)
- lintian error and warning:
E: gdm3 source:
** Description changed:
Availability
Co-maintained with Debian GNOME. Built for all supported architectures.
Changes from Debian:
Update to 3.24
+ README.Debian: update for correct paths in Ubuntu
+ control.in:
- Don't recommend desktop-base
- Depend on bash
Since this was in main previously, I don't see any reason to really
block it, but it still ought to have some review by the Security team
given the obvious security history for gdm and being a login manager.
** Changed in: gdm3 (Ubuntu)
Assignee: Mathieu Trudel-Lapierre (cyphermox) => Ubuntu
** Changed in: gdm3 (Ubuntu)
Assignee: (unassigned) => Mathieu Trudel-Lapierre (cyphermox)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1686393
Title:
[MIR] gdm3
To manage notifications
** Description changed:
Availability
Co-maintained with Debian GNOME. Built for all supported architectures.
Changes from Debian:
Update to 3.24
+ README.Debian: update for correct paths in Ubuntu
+ control.in:
- Don't recommend desktop-base
- Depend on bash
19 matches
Mail list logo
