Debian Bug report logs -
#921764
CVE-2019-3825
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
:
Bug#921764
; Package src:gdm3
.
(Fri, 08 Feb 2019 21:33:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@debian.org>
:
New Bug report received and forwarded. Copy sent to Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
.
(Fri, 08 Feb 2019 21:33:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: gdm3
Severity: important
This was assigned CVE-2019-3825:
https://gitlab.gnome.org/GNOME/gdm/issues/460
Cheers,
Moritz
Marked as found in versions gdm3/3.30.2-2.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Sat, 09 Feb 2019 04:54:02 GMT) (full text, mbox, link).
Added tag(s) upstream.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Sat, 09 Feb 2019 04:54:03 GMT) (full text, mbox, link).
Added tag(s) pending.
Request was from Simon McVittie <smcv@debian.org>
to control@bugs.debian.org
.
(Sat, 09 Feb 2019 11:30:02 GMT) (full text, mbox, link).
Message sent on
to Moritz Muehlenhoff <jmm@debian.org>
:
Bug#921764.
(Sat, 09 Feb 2019 13:00:06 GMT) (full text, mbox, link).
Message #16 received at 921764-submitter@bugs.debian.org (full text, mbox, reply):
Control: tag -1 pending
Hello,
Bug #921764 in gdm3 reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
https://salsa.debian.org/gnome-team/gdm/commit/36e70f3d37d5121205d9c37acc95c5af502bd6d5
------------------------------------------------------------------------
Update to upstream gnome-3-30 branch at commit 3.30.2-4-gdd4529542
Fix interaction between timed logins and ordinary logins that could lead
to the wrong session being unlocked when not using Wayland (CVE-2019-3825)
Closes: #921764
------------------------------------------------------------------------
(this message was generated automatically)
--
Greetings
https://bugs.debian.org/921764
Reply sent
to Simon McVittie <smcv@debian.org>
:
You have taken responsibility.
(Sat, 09 Feb 2019 13:21:05 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@debian.org>
:
Bug acknowledged by developer.
(Sat, 09 Feb 2019 13:21:05 GMT) (full text, mbox, link).
Message #21 received at 921764-close@bugs.debian.org (full text, mbox, reply):
Source: gdm3
Source-Version: 3.30.2-3
We believe that the bug you reported is fixed in the latest version of
gdm3, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 921764@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Simon McVittie <smcv@debian.org> (supplier of updated gdm3 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 09 Feb 2019 11:38:07 +0000
Source: gdm3
Architecture: source
Version: 3.30.2-3
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Closes: 921764
Changes:
gdm3 (3.30.2-3) unstable; urgency=medium
.
* Team upload
* d/p/95_accept_all_layouts.patch: Fix truncated patch.
A trailing blank line was declared in the diff header but missing from
the content.
* d/p/manager-don-t-kill-timed-login-session-immediately-after-.patch,
d/p/manager-session-Add-some-debugging-around-starting-reauth.patch,
d/p/session-Don-t-allow-greeter-operations-on-an-running-sess.patch,
d/p/GdmManager-Don-t-perform-timed-login-if-session-gets-star.patch:
Update to upstream gnome-3-30 branch at commit 3.30.2-4-gdd4529542
- Fix interaction between timed logins and ordinary logins
that could lead to the wrong session being unlocked when not using
Wayland (CVE-2019-3825, Closes: #921764)
* d/greeter.dconf-defaults:
Add commented-out power management options to make it easier to disable
automatic suspend if desired (see #893964)
Checksums-Sha1:
925346683ac939383cf92c5e0befd1bdb1cd63f0 3022 gdm3_3.30.2-3.dsc
c59f4b5fce06a84abba0bb864723be1a25688056 91636 gdm3_3.30.2-3.debian.tar.xz
1a34d643e330f5f97c05eeb80da4605f80f01e53 16997 gdm3_3.30.2-3_source.buildinfo
Checksums-Sha256:
75a41956c70d2b7340d9fd8061dee4b74c6a8f5627ffa7b8991c4023e668111f 3022 gdm3_3.30.2-3.dsc
9103854bd6cc82dc3a5c3e8d2d715cab026c6f7ea6bf1b87c3136d674689c137 91636 gdm3_3.30.2-3.debian.tar.xz
742dc130735d571be18157f3e977d9bc92909b4b9882e53dae863ca50170882b 16997 gdm3_3.30.2-3_source.buildinfo
Files:
11419d7ce215bc688538147e9bd263ce 3022 gnome optional gdm3_3.30.2-3.dsc
60701562c6acc24c0704e4b2e78ff180 91636 gnome optional gdm3_3.30.2-3.debian.tar.xz
b3a518efe70a09c0609e7bd10ebedcd0 16997 gnome optional gdm3_3.30.2-3_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAlxezr4ACgkQ4FrhR4+B
TE93Gg//YmvDsItST6qbZegYR3GIPbv8I7jrwBy0HezBVwgLu0neqDv5nGAyLVpk
sNWOH7I9gSDL1OOQl0IDc1C8UcaR7cR2gvLrtgHgP52UWR2XjnyMhybZ2WVYmspW
2doKunBBrBsFqHmsAAermhJwe2kx/ex+i4TZjpAKRnbHzC0xdZ1x7WdvHyUCDTTA
lSViKJKz15umHBb/culg+loi2Dz0CfSWM/3xOZ5BmJ8Xfno+qklDvq/+iyqDQPql
NOPX/WiClwsEMfZYlkIlN8jvgkjoYU1djKtX7ehpwY6OK60si0mrRKAb28bq0dR4
gG4lwve9JvYfpbr0xpY74K/EelYN+JocfCN24EHnSO5Xjpy9GF7iyzRYU5FyiWTl
T6j5c86zLERtk6zZzBBFTW235pSNzoZnoFsX9oFFStGMZOh4pqXtx1J7S3m6Sfy1
5QTvV6uVTnBB+9CXgLEb5I081y6Whna23Kd5vVQZ8EJm9nHQG0shjwWUf9bCzbj5
O6GwMD21PmTgRRjL8wUaD+1sEhXP+Ou3JOzwOxRydYrZFW6LtZ4ETmEItaVMf8gP
BXDAtYEb4bNsccIDfadIh57UNj8dnyNaCohqZ0mq2tdkbkW2k34iw5n/ZOg11ekT
GyyAbDANC9i4slUh4WVy1y0/8cMGNvG6/VvbP/cufcAgXPph0Qc=
=2AjF
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Sat, 06 Apr 2019 07:28:39 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 15:40:21 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.