Sddm may in some cases allow unauthenticated logins as the sddm user (CVE-2014-7271).
Sddm is vulnerable to a race condition in XAUTHORITY file generation (CVE-2014-7272).
Sddm has been updated to version 0.10.0, fixing these issues and several other bugs, and adding new functionality.
libxcb packages have been updated to work with sddm.