[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

security bug in ldm

i mentioned briefly in IRC that there was a huge security bug in ldm,
but i figured i should mention it here also.


essentially, anyone can read and write to the X displays of LDM.

it's fixed in sid, and i just submitted a one-line patch for the version
in etch to the debian security team.

the patch should work with the version of ldm in debian-edu as well,
though i haven't tested it yet.

i should be available for an upload to debian-edu etch-test tomorrow(is
that where security updates go?), and hopefully backport the version
from sid for lenny-test as well.

live well,

Reply to: