[Secure-testing-team] Bug#628917: xscreensaver exits
Michal Suchanek
michal.suchanek at ruk.cuni.cz
Thu Jun 2 11:57:24 UTC 2011
Package: xscreensaver
Version: 5.11-1+b1
Severity: grave
Tags: security
Justification: user security hole
I guess I am experiencing the bug just fixed in unstable on Squeeze:
I have this in my .xsession-errors:
xscreensaver-command: activating and locking.
xscreensaver-command: activating and locking.
xscreensaver-command: activating and locking.
xscreensaver-command: no screensaver is running on display :0.0
xscreensaver-command: no screensaver is running on display :0.0
meaning that there was no xscreensawer last time I tried to lock the
screen.
If you rely on xscreensaver to lock your machine then this causes a
security hole.
I did nothing to terminate xscreensaver and I do not have any logs of it
crashing.
I am going to upgrade to 5.14 now.
-- System Information:
Debian Release: 6.0.1
APT prefers stable
APT policy: (900, 'stable'), (510, 'unstable'), (500, 'testing'), (200, 'experimental'), (111, 'oldstable'), (107, 'natty')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.38-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages xscreensaver depends on:
ii libatk1.0-0 1.30.0-1 The ATK accessibility toolkit
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
ii libcairo2 1.10.2-6 The Cairo 2D vector graphics libra
ii libfontconfig1 2.8.0-2.1 generic font configuration library
ii libfreetype6 2.4.2-2.1 FreeType 2 font engine, shared lib
ii libglade2-0 1:2.6.4-1 library to load .glade files at ru
ii libglib2.0-0 2.28.6-1 The GLib library of C routines
ii libgtk2.0-0 2.24.4-3 The GTK+ graphical user interface
ii libice6 2:1.0.6-2 X11 Inter-Client Exchange library
ii libpam0g 1.1.1-6.1 Pluggable Authentication Modules l
ii libpango1.0-0 1.28.3-6 Layout and rendering of internatio
ii libsm6 2:1.1.1-1 X11 Session Management library
ii libx11-6 2:1.3.3-4 X11 client-side library
ii libxext6 2:1.1.2-1 X11 miscellaneous extension librar
ii libxinerama1 2:1.1-3 X11 Xinerama extension library
ii libxml2 2.7.8.dfsg-2 GNOME XML library
ii libxmu6 2:1.0.5-2 X11 miscellaneous utility library
ii libxpm4 1:3.5.8-1 X11 pixmap library
ii libxrandr2 2:1.3.0-3 X11 RandR extension library
ii libxrender1 1:0.9.6-1 X Rendering Extension client libra
ii libxt6 1:1.0.7-1 X11 toolkit intrinsics library
ii libxxf86vm1 1:1.1.0-2 X11 XFree86 video mode extension l
ii xscreensaver-data 5.11-1+b1 data files to be shared among scre
Versions of packages xscreensaver recommends:
ii libjpeg-progs 8b-1 Programs for manipulating JPEG fil
ii perl [perl5] 5.10.1-17 Larry Wall's Practical Extraction
ii wamerican [wordlist 6-3 American English dictionary words
ii xli 1.17.0+20061110-3+b1 command line tool for viewing imag
Versions of packages xscreensaver suggests:
ii 0.12~pre5-2 advanced text-mode WWW browser
ii 7.0~a1~hg20110531r7037 Safe and easy web browser from Moz
pn <none> (no description available)
ii 3.6.17-1 Web browser based on Firefox
ii 2.8.8dev.5-1 Text-mode WWW Browser with NLS sup
ii 0.2.4-3 fast, lightweight graphical web br
pn <none> (no description available)
ii 0.5.2-9 WWW browsable pager with excellent
pn <none> (no description available)
pn <none> (no description available)
ii 5.11-1+b1 GL(Mesa) screen hacks for xscreens
-- no debconf information
More information about the Secure-testing-team
mailing list