CVE-2020-27837: A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit. Maintainers, please confirm if we are vulnerable (I suspect the CVE text might be wrong).
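Added example, not part of the original bug report and not GDM or Gentoo code: a check for the two conditions named in the CVE text (a GDM version prior to 3.38.2.1 and autologin enabled). It assumes the configuration text is the content of GDM's custom.conf and that autologin is set through `AutomaticLoginEnable` in the `[daemon]` section; the function names and the sample configuration are constructed for illustration.

```python
import configparser
import re

# First fixed version, as quoted in the CVE text on this page.
FIXED = (3, 38, 2, 1)

# Constructed sample of a custom.conf with autologin turned on.
SAMPLE_CONF = """\
# constructed sample
[daemon]
AutomaticLoginEnable=true
AutomaticLogin=alice
"""


def parse_version(pv):
    """Turn a package version such as '3.36.4-r1' into a tuple of ints."""
    base = re.sub(r"-r\d+$", "", pv.strip())  # drop a Gentoo revision suffix
    return tuple(int(part) for part in base.split("."))


def autologin_enabled(conf_text):
    """Return True if the [daemon] section enables automatic login."""
    cp = configparser.ConfigParser(
        strict=False, interpolation=None, comment_prefixes=("#",)
    )
    cp.optionxform = str  # keep key case; the key name is matched exactly
    cp.read_string(conf_text)
    if not cp.has_section("daemon"):
        return False
    value = cp.get("daemon", "AutomaticLoginEnable", fallback="false")
    # Assumption: 'true' or '1' (any case) counts as enabled.
    return value.strip().lower() in ("true", "1")


def needs_update(pv, conf_text):
    """True when both conditions from the CVE text hold for this host."""
    return parse_version(pv) < FIXED and autologin_enabled(conf_text)


if __name__ == "__main__":
    for pv in ("3.36.4-r1", "40.0"):
        print(pv, "needs update:", needs_update(pv, SAMPLE_CONF))
```
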
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b7cbef6cf8bcca85cbb0594e62226c8a6a262b69

commit b7cbef6cf8bcca85cbb0594e62226c8a6a262b69
Author: Matt Turner <mattst88@gentoo.org>
AuthorDate: 2021-04-30 02:27:41 +0000
Commit: Matt Turner <mattst88@gentoo.org>
CommitDate: 2021-04-30 16:08:16 +0000

gnome-base/gdm: Version bump to 40.0

* Drop 49-keychain and 50-ssh-agent files (bugs #549102, #692648)
* Switch to Meson (resolves bug #585976)
** Remove unnecessary fontconfig, libXext, iso-codes, libgudev, libXinerama dependencies
* Remove unused introspection, smartcard, xinerama USE flags
* Depend on xorg-server[-minimal] (bug #660546)
* Resolve bug #613222, resolved upstream in v40.0
* Resolve bug #733708, resolved upstream in v3.38

Bug: https://bugs.gentoo.org/762460
Closes: https://bugs.gentoo.org/549102
Closes: https://bugs.gentoo.org/585976
Closes: https://bugs.gentoo.org/613222
Closes: https://bugs.gentoo.org/660546
Closes: https://bugs.gentoo.org/692648
Closes: https://bugs.gentoo.org/733708
Signed-off-by: Matt Turner <mattst88@gentoo.org>

gnome-base/gdm/Manifest | 1 +
...dm-40.0-meson-allow-building-with-elogind.patch | 211 +++++++++++++++++++++
gnome-base/gdm/gdm-40.0.ebuild | 207 ++++++++++++++++++++
3 files changed, 419 insertions(+)
Thanks! Please stable when ready.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4d317fa1ab038e3fcdd86897a869fc4c8d59c247

commit 4d317fa1ab038e3fcdd86897a869fc4c8d59c247
Author: Matt Turner <mattst88@gentoo.org>
AuthorDate: 2021-05-30 23:32:42 +0000
Commit: Matt Turner <mattst88@gentoo.org>
CommitDate: 2021-05-31 01:57:51 +0000

gnome-base/gdm: Drop old versions

Bug: https://bugs.gentoo.org/762460
Signed-off-by: Matt Turner <mattst88@gentoo.org>

gnome-base/gdm/Manifest | 1 -
.../gdm/files/gdm-2.32.0-xinitrc-ssh-agent.patch | 32 ---
gnome-base/gdm/files/gdm-CanGraphical-wait.patch | 189 -----------------
gnome-base/gdm/gdm-3.36.4-r1.ebuild | 228 ---------------------
4 files changed, 450 deletions(-)
Thanks!
Package list is empty or all packages have requested keywords.