CVE-2019-3825

Related Vulnerabilities: CVE-2019-3825  

Debian Bug report logs - #921764
CVE-2019-3825


Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Fri, 8 Feb 2019 21:33:02 UTC

Severity: important

Tags: upstream

Found in version gdm3/3.30.2-2

Fixed in version gdm3/3.30.2-3

Done: Simon McVittie <smcv@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://gitlab.gnome.org/GNOME/gdm/issues/460



Report forwarded to debian-bugs-dist@lists.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>:
Bug#921764; Package src:gdm3. (Fri, 08 Feb 2019 21:33:04 GMT).


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>. (Fri, 08 Feb 2019 21:33:05 GMT).


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2019-3825
Date: Fri, 08 Feb 2019 22:31:00 +0100
Source: gdm3
Severity: important

This was assigned CVE-2019-3825:
https://gitlab.gnome.org/GNOME/gdm/issues/460

Cheers,
        Moritz
 



Marked as found in versions gdm3/3.30.2-2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 09 Feb 2019 04:54:02 GMT).


Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 09 Feb 2019 04:54:03 GMT).


Set Bug forwarded-to-address to 'https://gitlab.gnome.org/GNOME/gdm/issues/460'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 09 Feb 2019 04:54:03 GMT).


Added tag(s) pending. Request was from Simon McVittie <smcv@debian.org> to control@bugs.debian.org. (Sat, 09 Feb 2019 11:30:02 GMT).


Message sent on to Moritz Muehlenhoff <jmm@debian.org>:
Bug#921764. (Sat, 09 Feb 2019 13:00:06 GMT).


Message #16 received at 921764-submitter@bugs.debian.org:

From: Simon McVittie <>
To: 921764-submitter@bugs.debian.org
Subject: Bug #921764 in gdm3 marked as pending
Date: Sat, 09 Feb 2019 12:57:25 +0000
Control: tag -1 pending

Hello,

Bug #921764 in gdm3 reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/gnome-team/gdm/commit/36e70f3d37d5121205d9c37acc95c5af502bd6d5

------------------------------------------------------------------------
Update to upstream gnome-3-30 branch at commit 3.30.2-4-gdd4529542

Fix interaction between timed logins and ordinary logins that could lead
to the wrong session being unlocked when not using Wayland (CVE-2019-3825)

Closes: #921764
------------------------------------------------------------------------

(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/921764



Reply sent to Simon McVittie <smcv@debian.org>:
You have taken responsibility. (Sat, 09 Feb 2019 13:21:05 GMT).


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Sat, 09 Feb 2019 13:21:05 GMT).


Message #21 received at 921764-close@bugs.debian.org:

From: Simon McVittie <smcv@debian.org>
To: 921764-close@bugs.debian.org
Subject: Bug#921764: fixed in gdm3 3.30.2-3
Date: Sat, 09 Feb 2019 13:19:06 +0000
Source: gdm3
Source-Version: 3.30.2-3

We believe that the bug you reported is fixed in the latest version of
gdm3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 921764@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon McVittie <smcv@debian.org> (supplier of updated gdm3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 09 Feb 2019 11:38:07 +0000
Source: gdm3
Architecture: source
Version: 3.30.2-3
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Closes: 921764
Changes:
 gdm3 (3.30.2-3) unstable; urgency=medium
 .
   * Team upload
   * d/p/95_accept_all_layouts.patch: Fix truncated patch.
     A trailing blank line was declared in the diff header but missing from
     the content.
   * d/p/manager-don-t-kill-timed-login-session-immediately-after-.patch,
     d/p/manager-session-Add-some-debugging-around-starting-reauth.patch,
     d/p/session-Don-t-allow-greeter-operations-on-an-running-sess.patch,
     d/p/GdmManager-Don-t-perform-timed-login-if-session-gets-star.patch:
     Update to upstream gnome-3-30 branch at commit 3.30.2-4-gdd4529542
     - Fix interaction between timed logins and ordinary logins
       that could lead to the wrong session being unlocked when not using
       Wayland (CVE-2019-3825, Closes: #921764)
   * d/greeter.dconf-defaults:
     Add commented-out power management options to make it easier to disable
     automatic suspend if desired (see #893964)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 06 Apr 2019 07:28:39 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:40:21 2019; Machine Name: buxtehude
