Hello Chris, the Debian LTS team would like to fix CVE-2018-14424, gdm3 in Jessie. We have prepared a patch [1] based on your work which you have attached to the Gnome issue tracker. [2] We have noticed [3] that it is still possible to "crash" gdm3 in Jessie with your POC although we cannot get a meaningful stacktrace to find out why. Do you plan to fix this issue for Ubuntu 16.04 too? The version in 16.04 is closer to ours, so you may experience the same result. Do you think there is an additional patch required or is GDM actually doing what it is asked for? Regards, Markus [1] https://people.debian.org/~apo/lts/ [2] https://gitlab.gnome.org/GNOME/gdm/issues/401 [3] https://lists.debian.org/debian-lts/2018/08/msg00084.html
Attachment:
signature.asc
Description: OpenPGP digital signature