Bug#973748: sddm: CVE-2020-28049: local privilege escalation due to race condition in creation of the Xauthority file

To: Salvatore Bonaccorso <carnil@debian.org>, 973748@bugs.debian.org
Cc: Debian FTP Masters <ftpmaster@ftp-master.debian.org>, dak@security.debian.org
Subject: Bug#973748: sddm: CVE-2020-28049: local privilege escalation due to race condition in creation of the Xauthority file
From: Norbert Preining <norbert@preining.info>
Date: Thu, 5 Nov 2020 20:55:40 +0900
Message-id: <[🔎] 20201105115540.GB36413@bulldog.preining.info>
Reply-to: Norbert Preining <norbert@preining.info>, 973748@bugs.debian.org
In-reply-to: <[🔎] 20201105114327.GA12819@lorien.valinor.li>
References: <E1kacqJ-0003c5-ND@seger.debian.org> <[🔎] 160449433254.22150.933936578574498063.reportbug@lorien.valinor.li> <[🔎] 20201105112607.GA36413@bulldog.preining.info> <[🔎] 160449433254.22150.933936578574498063.reportbug@lorien.valinor.li> <[🔎] 20201105114327.GA12819@lorien.valinor.li> <[🔎] 160449433254.22150.933936578574498063.reportbug@lorien.valinor.li>

Hi Salvatore,

> That is because I did already upload the upload yesterday as with the
> debdiff attached to the bugreport. But we (Moritz was testing as well)
> wanted to further test the upload first before releasing the DSA.

Ahhhh .... ok, that explains it. Didn't see any message about it, so I
guessed you were waiting for us. I also didn't see anything on
tracker.debian.org, so I thought I will do it ...

Is there anything regarding buster that is still necessary?

> Fixing this via unstable via directly 0.19 sounds great, thank you.

That is coming in in short time.

Thanks

Norbert

--
PREINING Norbert                              https://www.preining.info
Accelia Inc. + IFMGA ProGuide + TU Wien + JAIST + TeX Live + Debian Dev
GPG: 0x860CDC13   fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13

Reply to:

Follow-Ups:
- Bug#973748: sddm: CVE-2020-28049: local privilege escalation due to race condition in creation of the Xauthority file
  - From: Salvatore Bonaccorso <carnil@debian.org>

References:
- Bug#973748: sddm: CVE-2020-28049: local privilege escalation due to race condition in creation of the Xauthority file
  - From: Salvatore Bonaccorso <carnil@debian.org>
- Bug#973748: sddm: CVE-2020-28049: local privilege escalation due to race condition in creation of the Xauthority file
  - From: Norbert Preining <norbert@preining.info>
- Bug#973748: sddm: CVE-2020-28049: local privilege escalation due to race condition in creation of the Xauthority file
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Bug#973748: sddm: CVE-2020-28049: local privilege escalation due to race condition in creation of the Xauthority file
Next by Date: Bug#973748: sddm: CVE-2020-28049: local privilege escalation due to race condition in creation of the Xauthority file
Previous by thread: Bug#973748: sddm: CVE-2020-28049: local privilege escalation due to race condition in creation of the Xauthority file
Next by thread: Bug#973748: sddm: CVE-2020-28049: local privilege escalation due to race condition in creation of the Xauthority file
Index(es):
- Date
- Thread