Comment 1 Matthias Geerdsen (RETIRED) 2006-12-14 05:57:38 UTC

*** Bug 157289 has been marked as a duplicate of this bug. ***

Comment 2 Matthias Geerdsen (RETIRED) 2006-12-14 06:04:26 UTC

thanks leio

Comment 3 Mart Raudsepp 2006-12-14 08:27:20 UTC

gdm-2.14.11 and gdm-2.16.4 are in the tree now in ~arch.

Arches, please ensure your latest stable is either 2.14.11 or gdm-2.16.4 so I can clean up the vulnerable versions and up to date users wouldn't be affected anymore. I.e, stabilize one of them or both.

Comment 4 Mart Raudsepp 2006-12-14 08:29:05 UTC

Excerpt from NEWS file for reference:

- Fix for a recently reported security issue that has ID
  CVE-2006-6105.  This fixes a problem where a user can
  enter strings like "%08x" into the gdmchooser "Add"j
  host button and print out memory.  (Brian Cameron)

Comment 5 Markus Rothe (RETIRED) 2006-12-14 12:41:44 UTC

ppc64 stable

on x86:

gdm-2.16.4  USE="ipv6 pam tcpd -accessibility -debug (-selinux) -xinerama" 

seems to be fine in connection with

gnome-2.16.1  USE="cdr cups dvdr hal ldap mono -accessibility"

and 

gdm-2.14.11 USE="ipv6 pam tcpd -accessibility -debug (-selinux) -xinerama"

looks good with a minimal version of gnome-2.14 (that is gnome-light with a few additions).

Comment 7 Markus Meier 2006-12-15 12:45:59 UTC

gnome-base/gdm-2.14.11  USE="ipv6 pam tcpd -accessibility -debug (-selinux) -xinerama"
1. emerges on x86
2. passes collision test
3. works

gnome-base/gdm-2.16.4  USE="ipv6 pam tcpd -accessibility -debug (-selinux) -xinerama"
1. emerges on x86
2. passes collision test
3. works


Portage 2.1.1-r2 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r4, 2.6.18.4 i686)
=================================================================
System uname: 2.6.18.4 i686 Genuine Intel(R) CPU           T2300  @ 1.66GHz
Gentoo Base System version 1.12.6
Last Sync: Fri, 15 Dec 2006 04:30:01 +0000
ccache version 2.3 [disabled]
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: 1.3.7, 2.0.30
dev-lang/python:     2.3.5-r3, 2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.3
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.60
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=prescott -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /var/qmail/alias /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c"
CXXFLAGS="-O2 -march=prescott -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--nospinner"
FEATURES="autoconfig collision-protect distlocks metadata-transfer parallel-fetch sandbox sfperms strict test userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://mirror.switch.ch/mirror/gentoo/ http://gentoo.inode.at/"
LINGUAS="en de en_GB de_CH"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 X a52 aac acpi alsa apache2 asf berkdb bitmap-fonts cairo cdr cdrom cli cracklib crypt cups dbus divx dlloader dri dts dvd dvdr dvdread eds elibc_glibc emboss encode fam ffmpeg firefox flac fortran gdbm gif gnome gpm gstreamer gtk hal iconv input_devices_keyboard input_devices_mouse ipv6 isdnlog java jpeg kde kdeenablefinal kernel_linux ldap libg++ linguas_de linguas_de_CH linguas_en linguas_en_GB mad mikmod mmx mono mp3 mpeg ncurses nls nptl nptlonly ogg opengl oss pam pcre perl png ppds pppd python qt3 qt4 quicktime readline reflection rtsp ruby samba sdl session smp spell spl sse sse2 sse3 ssl svg tcpd test tetex theora threads truetype truetype-fonts type1-fonts udev unicode userland_GNU vcd video_cards_fbdev video_cards_i810 video_cards_vesa vorbis win32codecs wxwindows x264 xine xml xorg xprint xv xvid zlib"
Unset:  CTARGET, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

Comment 8 Andrej Kacian (RETIRED) 2006-12-15 18:47:53 UTC

x86 done for 2.16.4 (as we have gnome 2.16 already stabilized)

Comment 9 Tobias Scherbaum (RETIRED) 2006-12-16 16:39:42 UTC

2.16.4 ppc stable

Comment 10 René Nussbaumer (RETIRED) 2006-12-17 14:04:51 UTC

stable on hppa

Comment 11 Jason Wever (RETIRED) 2006-12-17 19:09:48 UTC

SPARC stable

Comment 12 Luis Medinas (RETIRED) 2006-12-18 00:39:49 UTC

stable on amd64.

Comment 13 Mart Raudsepp 2006-12-21 04:25:21 UTC

alpha:
When you get around this, please do both gdm-2.14.11 and gdm-2.16.4 as you have a profile where GNOME-2.16 is masked

Comment 14 Bryan Østergaard (RETIRED) 2006-12-21 06:34:35 UTC

Alpha and IA64 done.

Comment 15 Stefan Cornelius (RETIRED) 2007-02-26 20:07:14 UTC

voting no

Comment 16 Raphael Marichez (Falco) (RETIRED) 2007-02-27 00:37:48 UTC

no too. not critical.

Comment 17 Matthias Geerdsen (RETIRED) 2007-03-05 21:00:32 UTC

closing after vote