[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: status of the gdm3 security update

Hello Chris,

the Debian LTS team would like to fix CVE-2018-14424, gdm3 in Jessie. We
have prepared a patch [1] based on your work which you have attached to
the Gnome issue tracker. [2] We have noticed [3] that it is still
possible to "crash" gdm3 in Jessie with your POC although we cannot get
a meaningful stacktrace to find out why. Do you plan to fix this issue
for Ubuntu 16.04 too? The version in 16.04 is closer to ours, so you may
experience the same result. Do you think there is an additional patch
required or is GDM actually doing what it is asked for?



[1] https://people.debian.org/~apo/lts/
[2] https://gitlab.gnome.org/GNOME/gdm/issues/401
[3] https://lists.debian.org/debian-lts/2018/08/msg00084.html

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: