* debian/patches:

- 07_fix-NULL-username added, fix crash when last username is empty. This
    is CVE-2014-XXXX.                                         closes: #734472

debian/changelog

@@ -1,3 +1,11 @@
+lightdm-gtk-greeter (1.7.0-2) UNRELEASED; urgency=medium
+
+  * debian/patches:
+    - 07_fix-NULL-username added, fix crash when last username is empty. This
+      is CVE-2014-XXXX.                                         closes: #734472
+
+ -- Yves-Alexis Perez <corsac@debian.org>  Tue, 07 Jan 2014 14:26:26 +0100
+
 lightdm-gtk-greeter (1.7.0-1) experimental; urgency=medium
 
   * New upstream development release.

debian/patches/07_fix-NULL-username.patch

@@ -0,0 +1,18 @@
+--- a/src/lightdm-gtk-greeter.c
++++ b/src/lightdm-gtk-greeter.c
+@@ -627,13 +627,13 @@ start_authentication (const gchar *usern
+     }
+     g_free (data);
+ 
+-    if (strcmp (username, "*other") == 0)
++    if (g_strcmp0 (username, "*other") == 0)
+     {
+         gtk_widget_show (GTK_WIDGET (username_entry));
+         gtk_widget_show (GTK_WIDGET (cancel_button));
+         lightdm_greeter_authenticate (greeter, NULL);
+     }
+-    else if (strcmp (username, "*guest") == 0)
++    else if (g_strcmp0 (username, "*guest") == 0)
+     {
+         lightdm_greeter_authenticate_as_guest (greeter);
+     }

debian/patches/series

@@ -1 +1,2 @@
 04_default-gtk-greeter-config.patch
+07_fix-NULL-username.patch