security bug in ldm

To: debian-edu@lists.debian.org
Subject: security bug in ldm
From: vagrant@freegeek.org
Date: Sun, 9 Mar 2008 19:44:55 -0700
Message-id: <[🔎] 20080310024455.GT5297@ryukin.fglan>

i mentioned briefly in IRC that there was a huge security bug in ldm,
but i figured i should mention it here also.

http://bugs.debian.org/469462

essentially, anyone can read and write to the X displays of LDM.

it's fixed in sid, and i just submitted a one-line patch for the version
in etch to the debian security team.

the patch should work with the version of ldm in debian-edu as well,
though i haven't tested it yet.

i should be available for an upload to debian-edu etch-test tomorrow(is
that where security updates go?), and hopefully backport the version
from sid for lenny-test as well.

live well,
  vagrant

Reply to:

Follow-Ups:
- Re: security bug in ldm
  - From: Jonas Smedegaard <dr@jones.dk>
- Re: security bug in ldm
  - From: Holger Levsen <holger@layer-acht.org>

Prev by Date: Re: Next IRC-Meeting on Monday the 10th of March
Next by Date: Re: security bug in ldm
Previous by thread: [Bug 1304] New: Read access to root files denied
Next by thread: Re: security bug in ldm
Index(es):
- Date
- Thread