Bug 493716 (CVE-2013-4459) - <x11-misc/lightdm-{1.8.4,1.9.2} : Access restriction bypass via Guest account (CVE-2013-4459)
Status: RESOLVED FIXED
Alias: CVE-2013-4459
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
Whiteboard: ~2 [noglsa]
Reported: 2013-12-09 06:26 UTC by GLSAMaker/CVETool Bot
Modified: 2013-12-23 15:45 UTC
Description GLSAMaker/CVETool Bot gentoo-dev 2013-12-09 06:26:43 UTC
CVE-2013-4459 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4459):
  LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the
  AppArmor profile to the Guest account, which allows local users to bypass
  intended restrictions by leveraging the Guest account.
Comment 1 Agostino Sarubbo gentoo-dev 2013-12-09 09:08:49 UTC
Keywords for x11-misc/lightdm:
            |                           | u   |  
            | a a             p     s   | n   |  
            | l m   h i m m   p s   p   | u s | r
            | p d a p a 6 i p c 3   a x | s l | e
            | h 6 r p 6 8 p p 6 9 s r 8 | e o | p
            | a 4 m a 4 k s c 4 0 h c 6 | d t | o
------------+---------------------------+-----+-------
  1.0.11    | o + o o o o o o o o o o + | # 0 | gentoo
   1.2.2-r3 | o ~ ~ o o o o o o o o o ~ | #   | gentoo
   1.4.0    | o + + o o o o ~ o o o o + | o   | gentoo
   1.4.0-r2 | o + ~ o o o o ~ o o o o + | o   | gentoo
   1.4.3    | o ~ ~ o o o o ~ o o o o ~ | #   | gentoo
   1.6.2    | o ~ ~ o o o o ~ o o o o ~ | #   | gentoo
  1.7.16    | o ~ ~ o o o o ~ o o o o ~ | #   | gentoo
  1.7.18    | o ~ ~ o o o o ~ o o o o ~ | #   | gentoo
   1.8.5    | o ~ ~ o o o o ~ o o o o ~ | o   | gentoo
[M]1.9.5    | o ~ ~ o o o o ~ o o o o ~ | o   | gentoo
Comment 2 Markos Chandras (RETIRED) gentoo-dev 2013-12-09 20:20:52 UTC
I am sorry but comment #1 makes no sense to me. The layout is very hard to read so it's not clear to me what you want me to do here.
Comment 3 Chris Reffett (RETIRED) gentoo-dev Security 2013-12-10 00:45:53 UTC
He's saying that the versions affected by this CVE are all ~, so no bumping needed. Please clean up versions that match " LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2," which would be 1.7.16 and 1.7.18.
Comment 4 Markos Chandras (RETIRED) gentoo-dev 2013-12-22 13:37:29 UTC
(In reply to Chris Reffett from comment #3)
> He's saying that the versions affected by this CVE are all ~, so no bumping
> needed. Please clean up versions that match " LightDM 1.7.5 through 1.8.3
> and 1.9.x before 1.9.2," which would be 1.7.16 and 1.7.18.

Thanks. Done

+  22 Dec 2013; Markos Chandras <hwoarang@gentoo.org> -lightdm-1.7.16.ebuild,
+  -lightdm-1.7.18.ebuild:
+  Remove ebuilds affected by CVE-2013-4459. Bug #493716
+
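Review bot: the entry text "Remove ebuilds affected by CVE-2013-4459. Bug #493716" does not say which versions remain as the fixed upgrade path. The bug title gives the affected range as below 1.8.4 and 1.9.2, and the keyword table in comment 1 lists 1.8.5 and 1.9.5 above that range, so naming them in the entry would let a ChangeLog reader confirm the cleanup without opening the bug.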