Source: lxdm Version: 0.5.1-1 Severity: grave Tags: security upstream patch fixed-upstream
Hi, the following vulnerability was published for lxdm. CVE-2015-8308[0]: X server started without -auth, exposing it to connections form any local user If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. Note that the Red Hat bug report though mentions a regression problem, referencing to [5] and [6]. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-8308 [1] https://bugzilla.redhat.com/show_bug.cgi?id=1268900 [2] http://advisories.mageia.org/MGASA-2015-0411.html [3] http://www.openwall.com/lists/oss-security/2015/11/20/2 [4] http://git.lxde.org/gitweb/?p=lxde/lxdm.git;a=commitdiff;h=e8f387089e241360bdc6955d3e479450722dcea3 [5] https://bugzilla.redhat.com/show_bug.cgi?id=1283581 [6] http://sourceforge.net/p/lxde/bugs/786/ Regards, Salvatore
