From ${URL} :

It was found that when the XDMCP server is enabled and LightDM receives an XDMCP Request packet with no addresses, it will attempt to access a negative index into an array, causing denial of service.

CVE assignment: http://seclists.org/oss-sec/2015/q4/352

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
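The failure mode described in this report, as an added C illustration that is not LightDM's code: a selection helper returns -1 when the Request carries no addresses, and the handler has to check that result before using it as an array index. The struct layout, the function names and the decline reply are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <sys/types.h>

/* Hypothetical, simplified view of a parsed XDMCP Request: the client
 * lists the addresses it can be reached on. Not LightDM's real types. */
struct xdmcp_conn { uint16_t type; uint8_t addr[16]; size_t addr_len; };
struct xdmcp_request { uint16_t display; size_t n_conns; const struct xdmcp_conn *conns; };

enum reply { REPLY_ACCEPT, REPLY_DECLINE };

/* Index of the first connection of the wanted type, else the first
 * connection, else -1 when the client sent no addresses at all. */
static ssize_t choose_connection(const struct xdmcp_request *req, uint16_t want_type)
{
    for (size_t i = 0; i < req->n_conns; i++)
        if (req->conns[i].type == want_type)
            return (ssize_t)i;
    return req->n_conns > 0 ? 0 : -1;
}

/* Hardened handler: the -1 result is rejected before it is used as an
 * index. Leaving this check out gives the negative-index access from
 * the report. */
static enum reply handle_request(const struct xdmcp_request *req,
                                 const struct xdmcp_conn **chosen)
{
    *chosen = NULL;
    ssize_t idx = choose_connection(req, 0 /* FamilyInternet */);
    if (idx < 0)
        return REPLY_DECLINE;          /* empty address list */
    const struct xdmcp_conn *c = &req->conns[idx];
    if (c->addr_len == 0 || c->addr_len > sizeof c->addr)
        return REPLY_DECLINE;          /* malformed address length */
    *chosen = c;
    return REPLY_ACCEPT;
}

int main(void)
{
    /* Constructed sample: a Request whose address list is empty. */
    struct xdmcp_request empty = { 0, 0, NULL };
    const struct xdmcp_conn *chosen;
    return handle_request(&empty, &chosen) == REPLY_DECLINE ? 0 : 1;
}
```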
Fixed versions (1.14.4 and 1.16.6) are in the tree. Can we go stable with one of these?
As said in comment #1, a fixed version is in tree and went stable in the meantime. @Maintainer(s): Could you please clean up and drop the remaining vulnerable version =x11-misc/lightdm/1.10.5?
Devaway...

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a9b45032ad3461086b53a80c6870a26527461639

GLSA Vote: No