[Secure-testing-team] Bug#844285: pidgin: steals (warps) mouse cursor (not just focus) when new message comes in [SEC=UNCLASSIFIED]

Tim Connors reportbug at rather.puzzling.org
Mon Nov 14 01:23:39 UTC 2016


Package: pidgin
Version: 2.11.0-0+deb8u1
Severity: grave
Tags: security
Justification: user security hole

Dear Maintainer,

Like bugs #399786 and #518339, the mouse is warped to an open
conversation window when a new message comes into that conversation.
If you are typing a password at the time, your password gets entered
into that conversation.

Never steal focus - there is never any valid reason for it.
Especially not something as unimportant as a chat program.

There appears to be no setting in preferences or plugins to disable
this brain damage.

-- System Information:
Debian Release: 8.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable'), (5, 'testing'), (1, 'experimental'), (1, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.8.4-040804-generic (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages pidgin depends on:
ii  gconf2                      3.2.6-3
ii  libatk1.0-0                 2.14.0-1
ii  libc6                       2.23-5
ii  libcairo2                   1.14.0-2.1+deb8u1
ii  libdbus-1-3                 1.10.10-1
ii  libdbus-glib-1-2            0.102-1
ii  libfontconfig1              2.11.0-6.3+deb8u1
ii  libfreetype6                2.5.2-3+deb8u1
ii  libgadu3                    1:1.12.0-5
ii  libgdk-pixbuf2.0-0          2.31.1-2+deb8u5
ii  libglib2.0-0                2.48.0-1~bpo8+1
ii  libgstreamer0.10-0          0.10.36-1.5
ii  libgtk2.0-0                 2.24.25-3+deb8u1
ii  libgtkspell0                2.0.16-1.1
ii  libice6                     2:1.0.9-1+b1
ii  libpango-1.0-0              1.36.8-3
ii  libpangocairo-1.0-0         1.36.8-3
ii  libpangoft2-1.0-0           1.36.8-3
ii  libpurple0                  2.11.0-0+deb8u1
ii  libsm6                      2:1.2.2-1+b1
ii  libx11-6                    2:1.6.2-3
ii  libxml2                     2.9.1+dfsg1-5+deb8u3
ii  libxss1                     1:1.2.2-1
ii  perl-base [perlapi-5.20.2]  5.20.2-3+deb8u6
ii  pidgin-data                 2.11.0-0+deb8u1

Versions of packages pidgin recommends:
ii  gstreamer0.10-alsa          0.10.36-2
pn  gstreamer0.10-ffmpeg        <none>
ii  gstreamer0.10-plugins-base  0.10.36-2
ii  gstreamer0.10-plugins-good  0.10.31-3+nmu4+b1

Versions of packages pidgin suggests:
ii  libsqlite3-0  3.8.7.1-1+deb8u2

-- no debconf information


