Source: lxdm
Version: 0.5.1-1
Severity: grave
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for lxdm.

CVE-2015-8308[0]:
X server started without -auth, exposing it to connections form any local user

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

Note that the Red Hat bug report though mentions a regression problem,
referencing to [5] and [6].

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-8308
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1268900
[2] http://advisories.mageia.org/MGASA-2015-0411.html
[3] http://www.openwall.com/lists/oss-security/2015/11/20/2
[4] 
http://git.lxde.org/gitweb/?p=lxde/lxdm.git;a=commitdiff;h=e8f387089e241360bdc6955d3e479450722dcea3
[5] https://bugzilla.redhat.com/show_bug.cgi?id=1283581
[6] http://sourceforge.net/p/lxde/bugs/786/

Regards,
Salvatore

Reply via email to