Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#38716 - [lightdm-gtk2-greeter] security patch for CVE-2014-0979
Attached to Project:
Community Packages
Opened by RbN (RbN) - Wednesday, 29 January 2014, 16:30 GMT
Last edited by Maxime Gauduin (Alucryd) - Sunday, 02 February 2014, 11:20 GMT
Opened by RbN (RbN) - Wednesday, 29 January 2014, 16:30 GMT
Last edited by Maxime Gauduin (Alucryd) - Sunday, 02 February 2014, 11:20 GMT
|
DetailsDescription (from RedHat bugzilla[0]):
"lightdm-gtk was found to be affected by a vulnerability, which causes it to crash with no username entered and hitting the ENTER." Probably affects lightdm-gtk3-greeter too. Upstream bug [1] Resolution: apply upstream patch [2] Ressources: [0] https://bugzilla.redhat.com/show_bug.cgi?id=1049420 [1] https://bugs.launchpad.net/lightdm-gtk-greeter/+bug/1266449 [2] https://launchpadlibrarian.net/161796033/07_fix-NULL-username.patch |
This task depends upon
Closed by Maxime Gauduin (Alucryd)
Sunday, 02 February 2014, 11:20 GMT
Reason for closing: Fixed
Additional comments about closing: 1:1.6.1-2
Sunday, 02 February 2014, 11:20 GMT
Reason for closing: Fixed
Additional comments about closing: 1:1.6.1-2
Comment by Maxime Gauduin (Alucryd) -
Sunday, 02 February 2014, 11:20 GMT
Thx for the report. I've used the more complete fix committed in the bzr repo.