CVE-2011-0727 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0727): GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.
The face icon vulnerability doesn't apply to 2.20.x, but the dmrc one might apply. Needs further investigation.
Ping, any progress?
this is already handled in our part I think
fixed in 3.8, stabilized in bug #478252
(In reply to Pacho Ramos from comment #4) > fixed in 3.8, stabilized in bug #478252 Version 3.8 is no longer in tree. Adding this to master GLSA for things fixed and cleaned up in 2011.
This issue was resolved and addressed in GLSA 201412-09 at http://security.gentoo.org/glsa/glsa-201412-09.xml by GLSA coordinator Sean Amoss (ackle).