[Secure-testing-team] #469462: X access wide open on LTSP clients
vagrant at freegeek.org
vagrant at freegeek.org
Tue Mar 11 19:59:58 UTC 2008
debian bug #469462 is a nasty security bug which allows anyone knowing
the ip address and display number to read or send keystrokes, mouse
clicks, X clients, etc. to LTSP clients logged in using LDM.
due to slow buildd's, it has been quite some time since ldm has migrated
from unstable to testing (mainly mips*, though others as well).
because of that, the version of ldm in testing is basically incompatible
with the version of ltsp in testing (scripts to run ldm from ltsp were
moved from the ltsp-client-core package into ldm itself), so simply
patching the version of ldm in testing for security only issues would
not really be particularly useful.
so i'm wondering what the options are for getting a fixed ldm package
into testing.
thanks!
live well,
vagrant
More information about the Secure-testing-team
mailing list