[Pkg-lxde-maintainers] Bug#805659: lxdm: CVE-2015-8308: X server started without -auth, exposing it to connections from any local user

Salvatore Bonaccorso carnil at debian.org
Fri Nov 20 19:47:21 UTC 2015


Source: lxdm
Version: 0.5.1-1
Severity: grave
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for lxdm.

CVE-2015-8308[0]:
X server started without -auth, exposing it to connections from any local user

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

Note, though, that the Red Hat bug report mentions a regression problem,
referring to [5] and [6].

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-8308
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1268900
[2] http://advisories.mageia.org/MGASA-2015-0411.html
[3] http://www.openwall.com/lists/oss-security/2015/11/20/2
[4] http://git.lxde.org/gitweb/?p=lxde/lxdm.git;a=commitdiff;h=e8f387089e241360bdc6955d3e479450722dcea3
[5] https://bugzilla.redhat.com/show_bug.cgi?id=1283581
[6] http://sourceforge.net/p/lxde/bugs/786/

Regards,
Salvatore
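
A check an administrator could run to see whether a running X server was started without `-auth`, the condition the CVE description names. This is an added example, not code from the bug report or from lxdm; the executable names and the sample command lines are assumptions constructed for illustration.

```python
import os

# Assumed X server executable names; adjust for the local distribution.
X_SERVER_NAMES = {"X", "Xorg", "Xorg.bin"}

def parse_cmdline(raw):
    """Split a /proc/<pid>/cmdline blob (NUL-separated argv) into strings."""
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]

def x_server_missing_auth(argv):
    """True if argv starts an X server and carries no '-auth <file>' pair."""
    if not argv or os.path.basename(argv[0]) not in X_SERVER_NAMES:
        return False
    for i, arg in enumerate(argv):
        # -auth only counts when an authorization file argument follows it.
        if arg == "-auth" and i + 1 < len(argv):
            return False
    return True

def scan_proc(proc_root="/proc"):
    """Return (pid, argv) for every running X server started without -auth."""
    findings = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "cmdline"), "rb") as fh:
                argv = parse_cmdline(fh.read())
        except OSError:
            continue  # process exited or cmdline not readable
        if x_server_missing_auth(argv):
            findings.append((int(entry), argv))
    return sorted(findings)

# Constructed sample command lines (not taken from lxdm or the bug report).
SAMPLE_NO_AUTH = b"/usr/bin/X\0:0\0vt7\0-nolisten\0tcp\0"
SAMPLE_WITH_AUTH = b"/usr/bin/Xorg\0:0\0-auth\0/run/example/x0.auth\0vt7\0"

if __name__ == "__main__":
    for pid, argv in scan_proc():
        print("X server without -auth: pid %d: %s" % (pid, " ".join(argv)))
```

Run it as root so that command lines of other users' processes are readable. A server that passes this check still needs its authorization file to be readable only by the session owner.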


