Package: kdm
Version: 4:3.5.3-2
Severity: grave
Tags: security patch
Justification: user security hole

KDM allows the user to select the session type for login. This setting is permanently stored in the user home directory. By using a symlink attack, KDM can be tricked into allowing the user to read file content that would otherwise be unreadable to this particular user.

See http://www.kde.org/info/security/advisory-20060614-1.txt (includes patch)

Please mention the CVE-id in the changelog.