From ${URL} : lightdm-gtk was found to be affected by a vulnerability, which causes it to crash with no username entered and hitting ENTER. The issue seems to be a local DoS due to NULL pointer dereference, which can be triggered by any unprivileged attacker, requiring the intervention of an administrator to restart lightdm. When a greeter crashes, the lightdm daemon exits.
References:
http://seclists.org/oss-sec/2014/q1/30
https://bugzilla.novell.com/show_bug.cgi?id=857303
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
CVE-2014-0979 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0979): The start_authentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdm_greeter_get_authentication_user function, which allows local users to cause a denial of service (NULL pointer dereference) via an empty username.
@maintainer: Please stabilize a fixed version and remove the vulnerable versions.
Devaway... and newer version is already stabilized.
Removing vulnerable ebuilds: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=897bc831db8078bac097f66d2dfca520be4ff99e
GLSA Vote: No
Missed the arm keyword: @arm, please stabilize: =x11-misc/lightdm-gtk-greeter-2.0.1-r1
arm stable, all arches done.
vulnerable versions dropped.