Re: [gdm-list] GDM 3.0.3 and GDM 2.32.2

From: Brian Cameron <brian cameron oracle com>
To: Ray Strode <halfline gmail com>
Cc: gnome-announce-list gnome org, gdm-list <gdm-list gnome org>, distributor-list gnome org
Subject: Re: [gdm-list] GDM 3.0.3 and GDM 2.32.2
Date: Thu, 02 Jun 2011 15:46:36 -0500


I also released 2.30.7 with this security fix and the following other
fixes:

- Fix double free issue in chooser.
- Only set WINDOWPATH in the user session if it not NULL.

Brian


On 05/31/11 10:18, Ray Strode wrote:

The 3.0.3 and 2.32.2 releases fix a security bug of the GNOME Display Manager
(GDM) program:

-CVE-2011-1709 - fix URI lockdown with glib 2.28 and greater

The bug means that in certain cases a user can bring up a web browser
in in the login screen,
running as the unprivileged "gdm" user.

Thanks go to Vincent Untz for fixing this issue.

All users who use GDM with glib 2.28 or greater are advised to upgrade
to this version.

Documentation&  Downloading
===========================

Online Documentation - http://www.gnome.org/projects/gdm/
3.0.3 - http://ftp.gnome.org/pub/GNOME/sources/gdm/3.0/gdm-3.0.3.tar.bz2
2.32.2 - http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.tar.bz2
Bug Reporting        - http://bugzilla.gnome.org in the "gdm" category.
_______________________________________________
gdm-list mailing list
gdm-list gnome org
http://mail.gnome.org/mailman/listinfo/gdm-list

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]