[Secure-testing-team] Bug#594728: xscreensaver crashes leaving screen unlocked

Ivan Jager aij+debian at andrew.cmu.edu
Sat Aug 28 19:10:47 UTC 2010


Package: xscreensaver
Version: 5.11-1
Severity: grave
Tags: security
Justification: user security hole

xscreensaver ocasionally crashes leaving my desktop unlocked. I'm not
sure how to reproduce it other than just using xscreensaver normally
for like a week. I'm also not sure whether it happens while locking
the screen or shortly after. It's happened to me 4 times now, and
seems to be most common when I lock my screen and come back a few
minutes later, which seems to indicate it is something that happens
per screen locking rather than by the amount of time elapsed.

Anyways, after the previous crash I tried running it in a terminal so
I could see any output. Today it crashed again around 14:45. Here is
what it printed:
xscreensaver: 18:36:48: authentication via PAM timed out.
xscreensaver: 19:25:22: authentication via PAM timed out.
xscreensaver: 23:10:17: authentication via PAM timed out.
xscreensaver: 20:03:22: authentication via PAM timed out.
xscreensaver: 20:29:50: authentication via PAM timed out.
xscreensaver: 07:02:40: 0: child pid 16903 (<unknown>) exited abnormally (code 1).
XIO:  fatal IO error 10 (No child processes) on X server ":0.0"
      after 595760 requests (595736 known processed) with 1 events remaining.



I will try running it again with -sync (and try to remember to check
that it locks when I lock my screen). Is there anything else I should do
to figure out what's going on?

Thanks,
Ivan

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash

Versions of packages xscreensaver depends on:
ii  libatk1.0-0                 1.30.0-1     The ATK accessibility toolkit
ii  libc6                       2.11.2-2     Embedded GNU C Library: Shared lib
ii  libcairo2                   1.8.10-4     The Cairo 2D vector graphics libra
ii  libfontconfig1              2.8.0-2.1    generic font configuration library
ii  libfreetype6                2.4.2-1      FreeType 2 font engine, shared lib
ii  libglade2-0                 1:2.6.4-1    library to load .glade files at ru
ii  libglib2.0-0                2.24.1-1     The GLib library of C routines
ii  libgtk2.0-0                 2.20.1-1     The GTK+ graphical user interface 
ii  libice6                     2:1.0.6-1    X11 Inter-Client Exchange library
ii  libpam0g                    1.1.1-4      Pluggable Authentication Modules l
ii  libpango1.0-0               1.28.1-1     Layout and rendering of internatio
ii  libsm6                      2:1.1.1-1    X11 Session Management library
ii  libx11-6                    2:1.3.3-3    X11 client-side library
ii  libxext6                    2:1.1.2-1    X11 miscellaneous extension librar
ii  libxinerama1                2:1.1-3      X11 Xinerama extension library
ii  libxml2                     2.7.7.dfsg-4 GNOME XML library
ii  libxmu6                     2:1.0.5-1    X11 miscellaneous utility library
ii  libxpm4                     1:3.5.8-1    X11 pixmap library
ii  libxrandr2                  2:1.3.0-3    X11 RandR extension library
pn  libxrender1                 <none>       (no description available)
ii  libxt6                      1:1.0.7-1    X11 toolkit intrinsics library
ii  libxxf86vm1                 1:1.1.0-2    X11 XFree86 video mode extension l
ii  xscreensaver-data           5.11-1       data files to be shared among scre

Versions of packages xscreensaver recommends:
ii  libjpeg-progs          8b-1              Programs for manipulating JPEG fil
pn  perl5                  <none>            (no description available)
ii  wamerican [wordlist]   6-3               American English dictionary words 
ii  xli                    1.17.0+20061110-3 command line tool for viewing imag

Versions of packages xscreensaver suggests:
ii  epiphany-browser [www-brows 2.30.2-3     Intuitive GNOME web browser
pn  fortune                     <none>       (no description available)
ii  galeon [www-browser]        2.0.7-2.1+b1 GNOME web browser for advanced use
ii  lynx-cur [www-browser]      2.8.8dev.4-2 Text-mode WWW Browser with NLS sup
ii  midori [www-browser]        0.2.4-3      fast, lightweight graphical web br
pn  qcam | streamer             <none>       (no description available)
pn  xdaliclock                  <none>       (no description available)
pn  xfishtank                   <none>       (no description available)
pn  xscreensaver-gl             <none>       (no description available)

-- no debconf information





More information about the Secure-testing-team mailing list