Your message dated Sun, 29 Oct 2006 22:32:14 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#375281: fixed in gdm 2.16.1-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: gdm
Version: 2.14.5-1
Severity: important
Hi,
GDM versions 2.8, 2.12, 2.14, and 2.15 are susceptible to the security
fault listed under CVE reference ID CVE-2006-2452 which reads:
... when the "face browser" feature is enabled, allows local users to
access the "Configure Login Manager" functionality using their own password
instead of the root password, which can be leveraged to gain additional
privileges.
http://bugzilla.gnome.org/show_bug.cgi?id=343476
http://www.ubuntulinux.org/support/documentation/usn/usn-293-1
Please reference this CVE ID in any changelog that fixes this issue.
Thanks,
Micah
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-2-vserver-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages gdm depends on:
ii adduser 3.87 Add and remove users and groups
ii debconf [debconf-2.0] 1.5.2 Debian configuration management sy
ii gksu 1.9.1-2 graphical frontend to su
ii gnome-session 2.14.2-1 The GNOME 2 Session Manager
ii ion3 [x-window-manager] 20060524-1 keyboard-friendly window manager w
ii libart-2.0-2 2.3.17-1 Library of functions for 2D graphi
ii libatk1.0-0 1.11.4-2 The ATK accessibility toolkit
ii libattr1 2.4.32-1 Extended attribute shared library
ii libc6 2.3.6-15 GNU C Library: Shared libraries
ii libcairo2 1.0.4-2 The Cairo 2D vector graphics libra
ii libdmx1 1:1.0.1-3 X11 Distributed Multihead extensio
ii libfontconfig1 2.3.2-7 generic font configuration library
ii libglade2-0 1:2.5.1-2 library to load .glade files at ru
ii libglib2.0-0 2.10.3-1 The GLib library of C routines
ii libgnomecanvas2-0 2.14.0-2 A powerful object-oriented display
ii libgtk2.0-0 2.8.18-1 The GTK+ graphical user interface
ii libpam-modules 0.79-3.1 Pluggable Authentication Modules f
ii libpam-runtime 0.79-3.1 Runtime support for the PAM librar
ii libpam0g 0.79-3.1 Pluggable Authentication Modules l
ii libpango1.0-0 1.12.3-1 Layout and rendering of internatio
ii libpopt0 1.10-2 lib for parsing cmdline parameters
ii librsvg2-2 2.14.4-1 SAX-based renderer library for SVG
ii librsvg2-common 2.14.4-1 SAX-based renderer library for SVG
ii libselinux1 1.30-1 SELinux shared libraries
ii libwrap0 7.6.dbs-9 Wietse Venema's TCP wrappers libra
ii libx11-6 2:1.0.0-6 X11 client-side library
ii libxau6 1:1.0.0-3 X11 authorisation library
ii libxcursor1 1.1.5.2-5 X cursor management library
ii libxdmcp6 1:1.0.0-4 X11 Display Manager Control Protoc
ii libxext6 1:1.0.0-4 X11 miscellaneous extension librar
ii libxfixes3 1:3.0.1.2-4 X11 miscellaneous 'fixes' extensio
ii libxi6 1:1.0.0-5 X11 Input extension library
ii libxinerama1 1:1.0.1-4 X11 Xinerama extension library
ii libxml2 2.6.26.dfsg-1 GNOME XML library
ii libxrandr2 2:1.1.0.2-4 X11 RandR extension library
ii libxrender1 1:0.9.0.2-4 X Rendering Extension client libra
ii lsb-base 3.1-10 Linux Standard Base 3.1 init scrip
ii metacity [x-window-manager 1:2.14.5-1 A lightweight GTK2 based Window Ma
ii rxvt-unicode-ml [x-termina 7.7-4 multi-lingual terminal emulator wi
ii tilda [x-terminal-emulator 0.09.2-1 terminal with first person shooter
ii twm [x-window-manager] 1:1.0.1-4 Tab window manager
ii xbase-clients 1:7.1.ds-1.1 miscellaneous X clients
ii xterm [x-terminal-emulator 210-3 X terminal emulator
ii zlib1g 1:1.2.3-12 compression library - runtime
Versions of packages gdm recommends:
ii dialog 1.0-20060221-1 Displays user-friendly dialog boxe
pn gdm-themes <none> (no description available)
ii whiptail 0.52.2-4 Displays user-friendly dialog boxe
ii zenity 2.14.2-1 Display graphical dialog boxes fro
-- debconf information:
gdm/daemon_name: /usr/bin/gdm
* shared/default-x-display-manager: gdm
--- End Message ---
--- Begin Message ---
Source: gdm
Source-Version: 2.16.1-1
We believe that the bug you reported is fixed in the latest version of
gdm, which is due to be installed in the Debian FTP archive:
gdm_2.16.1-1.diff.gz
to pool/main/g/gdm/gdm_2.16.1-1.diff.gz
gdm_2.16.1-1.dsc
to pool/main/g/gdm/gdm_2.16.1-1.dsc
gdm_2.16.1-1_i386.deb
to pool/main/g/gdm/gdm_2.16.1-1_i386.deb
gdm_2.16.1.orig.tar.gz
to pool/main/g/gdm/gdm_2.16.1.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ryan Murray <[EMAIL PROTECTED]> (supplier of updated gdm package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 29 Oct 2006 22:02:36 -0800
Source: gdm
Binary: gdm
Architecture: source i386
Version: 2.16.1-1
Distribution: unstable
Urgency: high
Maintainer: Ryan Murray <[EMAIL PROTECTED]>
Changed-By: Ryan Murray <[EMAIL PROTECTED]>
Description:
gdm - GNOME Display Manager
Closes: 240991 288286 291187 308825 339965 350940 362925 367232 372949 375281
377934 379198 382698 387043 389466 390414 392611 394881 395003
Changes:
gdm (2.16.1-1) unstable; urgency=high
.
* New upstream release
+ Fixes CVE-2006-2452 (closes: #375281)
+ Failsafe session no longer made default (closes: #382698)
+ Typo fixed in fr.po (closes: #392611)
+ multiple login dialog updated (closes: #395003)
+ SuspendCommand works (closes: #367232)
+ gdmsetup image screen scrolling works (closes: #288286)
* Fix typo in fr.po (closes: #372949)
* Set RelaxPermissions=1 by default (closes: #339965)
* Don't close all descriptors before starting the slave. (closes: #308825)
* Parse /etc/default/locale in gdm pam files, for now (closes: #389466)
* Set console to utf-8 if needed in XKeepsCrashing (closes: #387043)
* Remove OK and Cancel buttons from included themes (closes: #377934)
* Add debian-moreblue theme from
http://cdd.debian-br.org/~si0ux/artwork/debian/gdm/gdm-theme-debian-moreblue.tar.gz
* Temporarily raise to Depends on gdm-themes, and make the debblue theme
default for now (closes: #350940)
* Add /var/lib/menu-xdg/xsessions to SessionDir (closes: #240991)
* add acpid to Should-Start line of init.d script (closes: #390414)
* Sync debconf templates against xdm 1.0.5-1
* Sync locale.conf against locales 2.3.6.ds1-7
* Stop installing factory-defaults.conf (closes: #394881)
* Hide stderr from cat in init script, create
/etc/X11/default-display-manager
when the package is installed with tasksel (closes: #379198)
* Hardcode StandardXServer to /usr/bin/X (closes: #362925)
* Start gdm at S21 instead of S99 (closes: #291187)
Files:
d7a00ff3307cb384e2ed628910ed82aa 783 gnome optional gdm_2.16.1-1.dsc
a2e68fac4763f1cf1050eeb19accb43f 4878838 gnome optional gdm_2.16.1.orig.tar.gz
3025ca755c69b5ec801354d0f0458fc5 321935 gnome optional gdm_2.16.1-1.diff.gz
11625612a577c2b1d55a9240b6991563 3992492 gnome optional gdm_2.16.1-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFRZrDN2Dbz/1mRasRAuioAJ9QxFrX+ZEulg556C7QCNV8/DwfHACg3U8a
Lk0MtuTYTfmIfd0Sdy4JomY=
=4u2z
-----END PGP SIGNATURE-----
--- End Message ---