Security risk since 3+ years on all MATE default installations, and nobody want fix it.: SoylentNews Submission

Rejected submission by Andy_Random at 2017-01-18 03:07:12

Andy_Random [soylentnews.org] writes:

The MATE session manager listen total unnecessary on 2 TCP (V4+V6) ports on all interfaces.
User complain about this since (at least) 2014: https://bbs.archlinux.org/vietopic.php?id=182726 [archlinux.org]
https://bbs.archlinux.de/viewtopic.php?id=25645 [archlinux.de]
Reaction: ZERO! (and some wrong advise...)

So I opened a bug report for it: https://bugs.archlinux.org/task/52344 [archlinux.org]
Reaction: "Sounds like something you should take upstream."

OK, I asked in the Arch Linux Forum for advice: https://bbs.archlinux.org/viewtopic.php?id=221478 [archlinux.org]
Reaction: "Barking up the wrong tree."

I opened a (upstream) issue at https://github.com/mate-desktop/mate-session-manager/issues/131 [github.com]
Reaction: We can't confirm that. We need more info. We don't appreciate your tone.
ACTION ? None.

That is a unacceptable status. It may take only 20 min. for an experienced, security minded, coder to fix this.
But nobody is willing to fix it.

Any advice ?

P.S. Yes I use strong language when I need to talk to incompetent people, but be modest lead to ZERO action since 2014.

SoylentNews