diff options
author | George Lebl <jirka@src.gnome.org> | 2003-08-20 19:39:06 +0000 |
---|---|---|
committer | George Lebl <jirka@src.gnome.org> | 2003-08-20 19:39:06 +0000 |
commit | f14350f87d9e478c5b339be46e5c852332c3f346 (patch) | |
tree | 2876b29a8cc13dc9e8bec3c88ecc68ea39a883db | |
parent | c89bbbc257fb2cf46c2b3dd15bae1f45bde435b1 (diff) | |
download | gdm-f14350f87d9e478c5b339be46e5c852332c3f346.tar.gz |
Update the NEWS since this can now be public
-George
-rw-r--r-- | NEWS | 17 |
1 files changed, 17 insertions, 0 deletions
@@ -1,5 +1,22 @@ Ahh news... +2.4.1.6 SECURITY ADDENDUM: + Was not part of the original release notes to give distributors a chance + to update. + +- SECURITY: Fixed CAN-2003-0547 which allows any user to read any + root readable text file on the system by making a symling from + ~/.xsession-errors + +- SECURITY: Fixed CAN-2003-0548, a crash when chosen host expires. + DoS only for XDMCP (XDMCP should however be confined to a 'trusted' + network anyway) + +- SECURITY: Fixed CAN-2003-0549, a crash if authorization key name + is shorter then 18 bytes (that is, not MIT-MAGIC-COOKIE-1) + DoS only for XDMCP (XDMCP should however be confined to a 'trusted' + network anyway) + 2.4.1.6 stuff: - Backport the errorgui from HEAD, easier then fixing |