Comment 5 for bug 1245295

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lightdm - 1.8.4-0ubuntu1

lightdm (1.8.4-0ubuntu1) saucy-security; urgency=low

  [ Marc Deslauriers ]
  * SECURITY UPDATE: improper guest account confinement (LP: #1243339)
    - CVE-2013-4459

  [ Robert Ancell ]
  * New upstream release:
    - Implement missing guest-wrapper functionality and enable it for Ubuntu.
    - Update AppArmor scripts to work in Ubuntu 13.10. (LP: #1243339)
  * debian/50-guest-wrapper.conf:
    - Configure guest session wrapper to use

lightdm (1.8.3-0ubuntu1) saucy; urgency=low

  * New upstream release:
    - Correctly set $XDG_SESSION_CLASS for greeters. This was regressed in 1.7.5
      for ConsoleKit and was never passed to logind. logind/ConsoleKit treat
      greeter sessions without this set as user sessions. This causes greeters
      to show the lightdm user able to be logged in with.
      (LP: #1242939)
    - Set $USER when running the session-setup-script. This is a regression from
      1.7.5. (LP: #1245957)
    - Fix notification of sessions being logged out. This is a regression from
      1.7.5 and caused greeters to show sessions logged in after they had been
      logged out. (LP: #1245295)
 -- Marc Deslauriers <email address hidden> Mon, 04 Nov 2013 13:35:26 -0500