Bug#578736: This is actually a security concern

Soeren Sonnenburg sonne at debian.org
Tue May 4 05:38:11 UTC 2010

Package: gdm3
Version: 2.30.2-1
Severity: grave

A user logging out would not expect his session to be auto-logged in
again / a background crash hands over the user's session

-- System Information:
Debian Release: squeeze/sid
  APT prefers stable
  APT policy: (700, 'stable'), (650, 'testing'), (600, 'unstable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages gdm3 depends on:
ii  adduser                 3.112            add and remove users and groups
ii  aterm [x-terminal-emula 1.0.1-7          Afterstep XVT - a VT102 emulator f
ii  debconf [debconf-2.0]   1.5.32           Debian configuration management sy
ii  eterm [x-terminal-emula 0.9.5-2          Enlightened Terminal Emulator
ii  fluxbox [x-window-manag 1.1.1-7          Highly configurable and low resour
ii  gconf2                  2.28.1-3         GNOME configuration database syste
ii  gnome-session [x-sessio 2.30.0-1         The GNOME Session Manager - GNOME 
ii  gnome-session-bin       2.30.0-1         The GNOME Session Manager - Minima
ii  gnome-terminal [x-termi 2.30.0-1         The GNOME terminal emulator applic
ii  kterm [x-terminal-emula 6.2.0-46         Multi-lingual terminal emulator fo
ii  kwin [x-window-manager] 4:3.5.9.dfsg.1-6 the KDE window manager
ii  libart-2.0-2            2.3.21-1         Library of functions for 2D graphi
ii  libatk1.0-0             1.30.0-1         The ATK accessibility toolkit
ii  libattr1                1:2.4.44-1       Extended attribute shared library
ii  libaudit0               1.7.13-1+b1      Dynamic library for security audit
ii  libbonobo2-0            2.24.3-1         Bonobo CORBA interfaces library
ii  libbonoboui2-0          2.24.3-1         The Bonobo UI library
ii  libc6                   2.10.2-7         Embedded GNU C Library: Shared lib
ii  libcairo2               1.8.10-4         The Cairo 2D vector graphics libra
ii  libcanberra-gtk0        0.22-1           Gtk+ helper for playing widget eve
ii  libcanberra0            0.22-1           a simple abstract interface for pl
ii  libdbus-1-3             1.2.24-1         simple interprocess messaging syst
ii  libdbus-glib-1-2        0.86-1           simple interprocess messaging syst
ii  libdevkit-power-gobject 1:0.9.2-1        abstraction for power management -
ii  libfontconfig1          2.8.0-2.1        generic font configuration library
ii  libfreetype6            2.3.11-1         FreeType 2 font engine, shared lib
ii  libgconf2-4             2.28.1-3         GNOME configuration database syste
ii  libglib2.0-0            2.24.1-1         The GLib library of C routines
ii  libgnome2-0             2.30.0-1         The GNOME library - runtime files
ii  libgnomecanvas2-0       2.30.1-1         A powerful object-oriented display
ii  libgtk2.0-0             2.20.1-1         The GTK+ graphical user interface 
ii  liborbit2               1:2.14.18-0.1    libraries for ORBit2 - a CORBA ORB
ii  libpam-modules          1.1.1-3          Pluggable Authentication Modules f
ii  libpam-runtime          1.1.1-3          Runtime support for the PAM librar
ii  libpam0g                1.1.1-3          Pluggable Authentication Modules l
ii  libpanel-applet2-0      2.28.0-3+b1      library for GNOME Panel applets
ii  libpango1.0-0           1.28.0-1         Layout and rendering of internatio
ii  libpolkit-gobject-1-0   0.96-2           PolicyKit Authorization API
ii  libpolkit-gtk-1-0       0.96-2           PolicyKit GTK+ API
ii  libpopt0                1.15-1           lib for parsing cmdline parameters
ii  librsvg2-common         2.26.3-1         SAX-based renderer library for SVG
ii  libselinux1             2.0.94-1         SELinux runtime shared libraries
ii  libwrap0                7.6.q-18         Wietse Venema's TCP wrappers libra
ii  libx11-6                2:1.3.3-3        X11 client-side library
ii  libxau6                 1:1.0.5-2        X11 authorisation library
ii  libxdmcp6               1:1.0.3-2        X11 Display Manager Control Protoc
ii  libxklavier16           5.0-2            X Keyboard Extension high-level AP
ii  libxml2                 2.7.7.dfsg-2     GNOME XML library
ii  lsb-base                3.2-23.1         Linux Standard Base 3.2 init scrip
ii  metacity [x-window-mana 1:2.30.1-1       lightweight GTK+ window manager
ii  mutter [x-window-manage 2.29.0-2         lightweight GTK+ window manager
ii  policykit-1-gnome       0.96-2           GNOME authentication agent for Pol
ii  terminator [x-terminal- 0.93-1           multiple GNOME terminals in one wi
ii  twm [x-window-manager]  1:1.0.4-2        Tab window manager
ii  upower                  0.9.2-1          abstraction for power management
ii  wterm [x-terminal-emula 6.2.9-8.1        lightweight terminal emulator for 
ii  xterm [x-terminal-emula 256-1            X terminal emulator
ii  xvt [x-terminal-emulato 2.1-20           X terminal-emulator similar to xte
ii  zlib1g                  1: compression library - runtime

Versions of packages gdm3 recommends:
ii  at-spi                     1.30.1-1      Assistive Technology Service Provi
ii  gnome-icon-theme     GNOME Desktop icon theme
ii  gnome-power-manager        2.30.1-1      power management tool for the GNOM
ii  gnome-settings-daemon      2.30.1-1      daemon handling the GNOME session 
ii  xnest                      2: Nested X server
ii  xserver-xephyr             2: nested X server
ii  xserver-xorg               1:7.5+5       the X.Org X server
ii  zenity                     2.30.0-1      Display graphical dialog boxes fro

Versions of packages gdm3 suggests:
ii  gnome-mag                     1:0.16.1-1 a screen magnifier for the GNOME d
ii  gnome-orca                    2.30.1-1   Scriptable screen reader
ii  gok                           2.30.0-1   GNOME Onscreen Keyboard
ii  libpam-gnome-keyring          2.30.1-2   PAM module to unlock the GNOME key
ii  metacity                      1:2.30.1-1 lightweight GTK+ window manager

-- Configuration Files:
/etc/gdm3/daemon.conf changed [not included]

-- debconf information excluded
