author George Lebl <jirka@src.gnome.org> 2003-08-20 19:39:06 +0000
committer George Lebl <jirka@src.gnome.org> 2003-08-20 19:39:06 +0000
commit f14350f87d9e478c5b339be46e5c852332c3f346 (patch)
tree 2876b29a8cc13dc9e8bec3c88ecc68ea39a883db
parent c89bbbc257fb2cf46c2b3dd15bae1f45bde435b1 (diff)
download gdm-f14350f87d9e478c5b339be46e5c852332c3f346.tar.gz
Update the NEWS since this can now be public
-George
-rw-r--r-- NEWS 17
1 files changed, 17 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index bdcf3758..5ca8f8cc 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,22 @@
Ahh news...
+2.4.1.6 SECURITY ADDENDUM:
+ Was not part of the original release notes to give distributors a chance
+ to update.
+
+- SECURITY: Fixed CAN-2003-0547 which allows any user to read any
+ root readable text file on the system by making a symling from
+ ~/.xsession-errors
+
+- SECURITY: Fixed CAN-2003-0548, a crash when chosen host expires.
+ DoS only for XDMCP (XDMCP should however be confined to a 'trusted'
+ network anyway)
+
+- SECURITY: Fixed CAN-2003-0549, a crash if authorization key name
+ is shorter then 18 bytes (that is, not MIT-MAGIC-COOKIE-1)
+ DoS only for XDMCP (XDMCP should however be confined to a 'trusted'
+ network anyway)
+
2.4.1.6 stuff:
- Backport the errorgui from HEAD, easier then fixing
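Review bot: The three SECURITY entries name the flaw but not the changed behaviour or the affected releases, which is what a distributor deciding on a backport needs from this addendum. For CAN-2003-0547, consider one clause saying how ~/.xsession-errors is now handled when it is a symlink, and for all three a line stating which versions before 2.4.1.6 are affected. Two wording fixes in the same hunk: "symling" should read "symlink" in the CAN-2003-0547 entry, and "shorter then 18 bytes" should read "shorter than 18 bytes" in the CAN-2003-0549 entry. The CAN-2003-0549 entry would also read more clearly if it said outright that 18 bytes is the length of the name MIT-MAGIC-COOKIE-1, since the parenthetical currently leaves that to be inferred.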