From $URL: The 2.32.1 release is a security bug fix release of the GNOME Display Manager (GDM) program with the following fixes: - CVE-2011-0727 - Change to user before copying user files to prevent local root exploit
Fixed gnome-base/gdm-2.32.1 is already in the tree, thanks, folks. @gnome, can/should we stabilize that version?
gdm > 2.24 has always been masked. Unless this CVE applies to gdm-2.20 as well (haven't checked but probably not), there is no need to stabilize anything.
This definitely does not apply to us, since >2.21 gdm versions are all masked, 2.20.11 (current stable) doesn't have any such thing, and 2.22 was a complete rewrite of the code.
Ok, thanks, folks. According to http://git.gnome.org/browse/gdm/tree/NEWS this feature was added in 2.28.0. (In reply to comment #2) > gdm > 2.24 has always been masked. Resolving as invalid since we've never had vulnerable versions unmasked.