security bug in ldm
i mentioned briefly in IRC that there was a huge security bug in ldm,
but i figured i should mention it here also.
http://bugs.debian.org/469462
essentially, anyone can read and write to the X displays of LDM.
it's fixed in sid, and i just submitted a one-line patch for the version
in etch to the debian security team.
the patch should work with the version of ldm in debian-edu as well,
though i haven't tested it yet.
i should be available for an upload to debian-edu etch-test tomorrow(is
that where security updates go?), and hopefully backport the version
from sid for lenny-test as well.
live well,
vagrant
Reply to: