lightdm-gtk-greeter: crash with NULL username

Related Vulnerabilities: CVE-2014-0979  

Debian Bug report logs - #734472
lightdm-gtk-greeter: crash with NULL username

Reported by: Yves-Alexis Perez <corsac@debian.org>

Date: Tue, 7 Jan 2014 13:21:02 UTC

Severity: important

Tags: security

Found in version lightdm-gtk-greeter/1.1.6-2

Fixed in versions lightdm-gtk-greeter/1.6.1-5, lightdm-gtk-greeter/1.7.0-2

Done: Yves-Alexis Perez <corsac@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Xfce Maintainers <pkg-xfce-devel@lists.alioth.debian.org>:
Bug#734472; Package lightdm-gtk-greeter. (Tue, 07 Jan 2014 13:21:06 GMT).


Acknowledgement sent to Yves-Alexis Perez <corsac@debian.org>:
New Bug report received and forwarded. Copy sent to Debian Xfce Maintainers <pkg-xfce-devel@lists.alioth.debian.org>. (Tue, 07 Jan 2014 13:21:06 GMT).


Message #5 received at submit@bugs.debian.org:

From: Yves-Alexis Perez <corsac@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: lightdm-gtk-greeter: crash with NULL username
Date: Tue, 07 Jan 2014 14:18:00 +0100
Package: lightdm-gtk-greeter
Version: 1.1.6-2
Severity: important

Entering an empty username can make lightdm-gtk-greeter crash. No CVE
assigned yet.

More info:

https://bugs.launchpad.net/lightdm-gtk-greeter/+bug/1266449
http://thread.gmane.org/gmane.comp.security.oss.general/11812


-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (450, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.12-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages lightdm-gtk-greeter depends on:
ii  libc6                   2.17-97
ii  libcairo2               1.12.16-2
ii  libgdk-pixbuf2.0-0      2.28.2-1+b1
ii  libglib2.0-0            2.38.2-1
ii  libgtk-3-0              3.8.6-1
ii  liblightdm-gobject-1-0  1.9.5-1
ii  libx11-6                2:1.6.2-1

Versions of packages lightdm-gtk-greeter recommends:
ii  desktop-base               7.0.3
ii  gnome-icon-theme-symbolic  3.10.1-1
ii  gnome-themes-standard      3.8.4-1
ii  policykit-1                0.105-4

lightdm-gtk-greeter suggests no packages.

-- Configuration Files:
/etc/lightdm/lightdm-gtk-greeter.conf changed [not included]

-- debconf information:
* shared/lightdm-greeter: lightdm-gtk-greeter
  lightdm-gtk-greeter/lightdm-greeter: lightdm-gtk-greeter



Added tag(s) security. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 07 Jan 2014 13:30:07 GMT).


Reply sent to Yves-Alexis Perez <corsac@debian.org>:
You have taken responsibility. (Tue, 07 Jan 2014 22:51:17 GMT).


Notification sent to Yves-Alexis Perez <corsac@debian.org>:
Bug acknowledged by developer. (Tue, 07 Jan 2014 22:51:17 GMT).


Message #12 received at 734472-close@bugs.debian.org:

From: Yves-Alexis Perez <corsac@debian.org>
To: 734472-close@bugs.debian.org
Subject: Bug#734472: fixed in lightdm-gtk-greeter 1.6.1-5
Date: Tue, 07 Jan 2014 22:48:37 +0000
Source: lightdm-gtk-greeter
Source-Version: 1.6.1-5

We believe that the bug you reported is fixed in the latest version of
lightdm-gtk-greeter, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 734472@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yves-Alexis Perez <corsac@debian.org> (supplier of updated lightdm-gtk-greeter package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 07 Jan 2014 23:33:27 +0100
Source: lightdm-gtk-greeter
Binary: lightdm-gtk-greeter
Architecture: source amd64
Version: 1.6.1-5
Distribution: unstable
Urgency: high
Maintainer: Debian Xfce Maintainers <pkg-xfce-devel@lists.alioth.debian.org>
Changed-By: Yves-Alexis Perez <corsac@debian.org>
Description: 
 lightdm-gtk-greeter - simple display manager (GTK+ greeter)
Closes: 734472
Changes: 
 lightdm-gtk-greeter (1.6.1-5) unstable; urgency=high
 .
   * debian/patches:
     - 07_fix-NULL-username added, fix crash when last username is empty. This
       is CVE-2014-0979.                                         closes: #734472
   * debian/control:
     - update standards version to 3.9.5.




Reply sent to Yves-Alexis Perez <corsac@debian.org>:
You have taken responsibility. (Tue, 07 Jan 2014 22:51:22 GMT).


Notification sent to Yves-Alexis Perez <corsac@debian.org>:
Bug acknowledged by developer. (Tue, 07 Jan 2014 22:51:22 GMT).


Message #17 received at 734472-close@bugs.debian.org:

From: Yves-Alexis Perez <corsac@debian.org>
To: 734472-close@bugs.debian.org
Subject: Bug#734472: fixed in lightdm-gtk-greeter 1.7.0-2
Date: Tue, 07 Jan 2014 22:48:44 +0000
Source: lightdm-gtk-greeter
Source-Version: 1.7.0-2

We believe that the bug you reported is fixed in the latest version of
lightdm-gtk-greeter, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 734472@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yves-Alexis Perez <corsac@debian.org> (supplier of updated lightdm-gtk-greeter package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 07 Jan 2014 23:33:38 +0100
Source: lightdm-gtk-greeter
Binary: lightdm-gtk-greeter
Architecture: source amd64
Version: 1.7.0-2
Distribution: experimental
Urgency: medium
Maintainer: Debian Xfce Maintainers <pkg-xfce-devel@lists.alioth.debian.org>
Changed-By: Yves-Alexis Perez <corsac@debian.org>
Description: 
 lightdm-gtk-greeter - simple display manager (GTK+ greeter)
Closes: 734472
Changes: 
 lightdm-gtk-greeter (1.7.0-2) experimental; urgency=medium
 .
   * debian/patches:
     - 07_fix-NULL-username added, fix crash when last username is empty. This
       is CVE-2014-0979.                                         closes: #734472




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 07 Feb 2014 07:35:03 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:57:38 2019; Machine Name: buxtehude