[CVE-2008-1692] opens on :0 if DISPLAY not set
Bug #216604 reported by
William Grant
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
eterm (Debian) |
Fix Released
|
Unknown
|
|||
eterm (Ubuntu) |
Fix Released
|
Low
|
Emanuele Gentili | ||
Dapper |
Won't Fix
|
Low
|
Emanuele Gentili | ||
Edgy |
Won't Fix
|
Low
|
Emanuele Gentili | ||
Feisty |
Fix Released
|
Low
|
Emanuele Gentili | ||
Gutsy |
Fix Released
|
Low
|
Emanuele Gentili | ||
Hardy |
Fix Released
|
Low
|
Emanuele Gentili |
Bug Description
Binary package hint: eterm
All releases are affected.
CVE-2008-1692:
"Eterm 0.9.4 opens an xterm on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections."
CVE References
Changed in eterm: | |
importance: | Undecided → High |
status: | New → Confirmed |
importance: | Undecided → High |
status: | New → Confirmed |
status: | New → Confirmed |
status: | New → Confirmed |
status: | New → Confirmed |
Changed in eterm: | |
assignee: | nobody → emgent |
status: | Confirmed → In Progress |
Changed in eterm: | |
assignee: | nobody → emgent |
importance: | Undecided → High |
status: | Confirmed → In Progress |
Changed in eterm: | |
assignee: | nobody → emgent |
status: | Confirmed → In Progress |
importance: | Undecided → High |
assignee: | nobody → emgent |
importance: | Undecided → High |
status: | Confirmed → In Progress |
Changed in eterm: | |
status: | Unknown → Fix Released |
To post a comment you must log in.
FFe ACK for hardy.