
Bug#374002: kdm: [CVE-2006-2449] KDM symlink attack vulnerability



found 374002 4:3.5.2-2
close 374002 4:3.5.3-2
thanks

On Fri 16 June 2006 20:26, Stefan Fritsch wrote:
> Package: kdm
> Version: 4:3.5.3-2
> Severity: grave
> Tags: security patch
> Justification: user security hole
>
> KDM allows the user to select the session type for login. This
> setting is permanently stored in the user home directory. By
> using a symlink attack, KDM can be tricked into allowing the
> user to read file content that would otherwise be unreadable
> to this particular user.

This is already pulled in kdebase 3.5.3-2 in Debian; only the testing
version is affected.
-- 
·O·  Pierre Habouzit
··O                                                madcoder@debian.org
OOO                                                http://www.madism.org
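
The symlink attack described in the quoted report, seen from the defender's side, as an added example that is not part of the original message and is not KDM's code: a reader that refuses a symlink planted where a per-user settings file is expected. The function names, the `/tmp` demo paths and the assumption that the reader runs with more privilege than the user are illustrative.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Read a per-user settings file on behalf of user `uid` without following a
 * symlink planted at `path`. Returns bytes read, or -1 if the file is refused. */
ssize_t read_user_file(const char *path, uid_t uid, char *buf, size_t len)
{
    /* O_NOFOLLOW: open fails if the final path component is a symlink.
     * O_NONBLOCK: do not hang if a FIFO was placed there instead. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;

    struct stat st;
    /* fstat the descriptor, not the path, so the checks apply to the object
     * actually opened. The owner check also rejects hard links and redirected
     * parent directories that lead to another user's file. */
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) || st.st_uid != uid) {
        close(fd);
        return -1;
    }
    ssize_t n = read(fd, buf, len);
    close(fd);
    return n;
}

/* Constructed scenario: a "secret" file and a symlink to it standing in for
 * the settings file. Returns 1 if the link is refused and the plain file read. */
int demo(void)
{
    char dir[] = "/tmp/symdemoXXXXXX", secret[64], lnk[64], buf[32];
    if (!mkdtemp(dir)) return 0;
    snprintf(secret, sizeof secret, "%s/secret", dir);
    snprintf(lnk, sizeof lnk, "%s/settings", dir);
    FILE *f = fopen(secret, "w");
    if (!f) return 0;
    fputs("data", f);
    fclose(f);
    if (symlink(secret, lnk) != 0) return 0;
    int refused = read_user_file(lnk, getuid(), buf, sizeof buf) == -1;
    int direct = read_user_file(secret, getuid(), buf, sizeof buf) == 4;
    unlink(lnk); unlink(secret); rmdir(dir);
    return refused && direct;
}
```

Dropping to the user's uid before opening the file is the other common way to close this class of bug, since the kernel then enforces the user's own read permissions.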
