
Bug#225866: marked as done (kscreensaver: XFree86 server flags AllowDeactivateGrabs/AllowClosedownGrabs cause security breach.)



Your message dated Fri, 05 Mar 2004 16:41:44 +0100
with message-id <87eks7jo7b.fsf@student.kuleuven.ac.be>
and subject line Fixed in KDE 3.2, which just entered unstable
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 2 Jan 2004 05:41:37 +0000
>From alex@aoi.dyndns.org Thu Jan 01 23:41:28 2004
Return-path: <alex@aoi.dyndns.org>
Received: from aoi.dyndns.org [69.17.34.240] 
	by master.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1AcHqe-0005UL-00; Thu, 01 Jan 2004 23:27:49 -0600
Received: by aoi.dyndns.org (Postfix, from userid 1001)
	id 80F98BE400C; Thu,  1 Jan 2004 21:27:48 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Alexander Hvostov <alex@aoi.dyndns.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: kscreensaver: XFree86 server flags AllowDeactivateGrabs/AllowClosedownGrabs
 cause security breach.
X-Mailer: reportbug 2.37
Date: Thu, 01 Jan 2004 21:27:48 -0800
Message-Id: <20040102052748.80F98BE400C@aoi.dyndns.org>
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 
	2.60-master.debian.org_2003_11_25-bugs.debian.org_2003_12_29 
	(1.212-2003-09-23-exp) on master.debian.org
X-Spam-Status: No, hits=-5.0 required=4.0 tests=HAS_PACKAGE autolearn=no 
	version=2.60-master.debian.org_2003_11_25-bugs.debian.org_2003_12_29
X-Spam-Level: 

Package: kscreensaver
Version: 4:3.1.4-2
Severity: normal

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

'kscreensaver' does not properly deal with the XFree86 server options
AllowDeactivateGrabs and AllowClosedownGrabs. Invoking the key combinations
enabled by these options allows one to bypass kscreensaver's locking of the
display, causing a breach of security. Therefore, these options cannot safely
be used with kscreensaver when locking of the display is required. Apparently
there is an API for dealing with this; please see #225762.

- -- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux cornerstone 2.6.0 #16 Sat Dec 27 15:15:08 PST 2003 i686
Locale: LANG=en_US, LC_CTYPE=en_US

Versions of packages kscreensaver depends on:
ii  kdelibs4                   4:3.1.4-3     KDE core libraries
ii  libart-2.0-2               2.3.16-1      Library of functions for 2D graphi
ii  libaudio2                  1.6a-1        The Network Audio System (NAS). (s
ii  libc6                      2.3.2.ds1-10  GNU C Library: Shared libraries an
ii  libfam0c102                2.6.10-6      client library to control the FAM 
ii  libfontconfig1             2.2.1-13      generic font configuration library
ii  libfreetype6               2.1.7-1       FreeType 2 font engine, shared lib
ii  libgcc1                    1:3.3.3-0pre1 GCC support library
ii  libpng12-0                 1.2.5.0-4     PNG library - runtime
ii  libqt3c102-mt              3:3.2.1-6     Qt GUI Library (Threaded runtime v
ii  libstdc++5                 1:3.3.3-0pre1 The GNU Standard C++ Library v3
ii  libxcursor1                1.0.2-2       X Cursor management library
ii  libxft2                    2.1.2-5       FreeType-based font drawing librar
ii  libxrender1                0.8.3-5       X Rendering Extension client libra
ii  xlibmesa3-gl [libgl1]      4.2.1-14      Mesa 3D graphics library [XFree86]
ii  xlibmesa3-glu [libglu1]    4.2.1-14      Mesa OpenGL utility library [XFree
ii  xlibs                      4.2.1-14      X Window System client libraries
ii  zlib1g                     1:1.2.1-3     compression library - runtime

- -- no debconf information

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/9QFUtHQW4HWNftkRAk/0AJ456H8kdb3DLVupcp83/GWh0kcwVgCfb924
Krsq0aXTGrfYYXyhJDYzQL0=
=Pm1f
-----END PGP SIGNATURE-----
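
An added example, not part of the bug report and not KDE or XFree86 code: a small audit that reports whether either ServerFlags option named in the report is enabled in an XF86Config-style file. The sample configuration is constructed, and the parsing assumes the XF86Config man page rules for option names and boolean values (case, spaces and underscores ignored; no value means TRUE; a "No" prefix negates).

```python
import re

# The two ServerFlags options named in the bug report, in normalized form.
RISKY = {"allowdeactivategrabs", "allowclosedowngrabs"}
FALSE_VALUES = {"0", "off", "false", "no"}

def normalize(name):
    # Option names are case-insensitive and ignore spaces and underscores.
    return re.sub(r"[\s_]", "", name).lower()

def risky_grab_options(config_text):
    """Return sorted names of the grab-breaking options that are enabled."""
    enabled = set()
    in_flags = False
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        tokens = [q or u for q, u in re.findall(r'"([^"]*)"|(\S+)', line)]
        if not tokens:
            continue
        keyword = tokens[0].lower()
        if keyword == "section" and len(tokens) > 1:
            in_flags = normalize(tokens[1]) == "serverflags"
        elif keyword == "endsection":
            in_flags = False
        elif keyword == "option" and in_flags and len(tokens) > 1:
            name = normalize(tokens[1])
            value = tokens[2].lower() if len(tokens) > 2 else ""
            # No value means TRUE; unrecognised values are flagged too,
            # so the audit errs on the side of reporting.
            state = value not in FALSE_VALUES
            if name.startswith("no") and name[2:] in RISKY:
                name, state = name[2:], not state    # "No" prefix negates
            if name in RISKY and state:
                enabled.add(name)                    # any enabling line counts
    return sorted(enabled)

# Constructed sample configuration (not taken from the reporter's system).
SAMPLE = '''
Section "ServerFlags"
    Option "AllowDeactivateGrabs" "true"
    Option "allow_closedown_grabs"          # no value given
EndSection
Section "InputDevice"
    Option "AllowClosedownGrabs" "off"      # wrong section, ignored
EndSection
'''

if __name__ == "__main__":
    print(risky_grab_options(SAMPLE))
```

An empty result means neither option is switched on in the ServerFlags section of the file that was checked.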

---------------------------------------
Received: (at 225866-close) by bugs.debian.org; 5 Mar 2004 15:41:12 +0000
>From dominique.devriese@student.kuleuven.ac.be Fri Mar 05 07:41:11 2004
Return-path: <dominique.devriese@student.kuleuven.ac.be>
Received: from nibbel.kulnet.kuleuven.ac.be [134.58.240.41] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1AzHRn-0003kL-00; Fri, 05 Mar 2004 07:41:11 -0800
Received: from localhost (localhost [127.0.0.1])
	by nibbel.kulnet.kuleuven.ac.be (Postfix) with ESMTP
	id B960E4B861; Fri,  5 Mar 2004 16:40:32 +0100 (CET)
Received: from antonius.kulnet.kuleuven.ac.be (antonius.kulnet.kuleuven.ac.be [134.58.240.73])
	by nibbel.kulnet.kuleuven.ac.be (Postfix) with ESMTP
	id 19FCB4BAC4; Fri,  5 Mar 2004 16:40:32 +0100 (CET)
Received: from appel (domi.kotnet.org [10.0.57.168])
	by antonius.kulnet.kuleuven.ac.be (Postfix) with ESMTP
	id E3F6E4C0D1; Fri,  5 Mar 2004 16:40:31 +0100 (CET)
Received: from domi by appel with local (Exim 3.36 #1 (Debian))
	id 1AzHSK-0002af-00; Fri, 05 Mar 2004 16:41:44 +0100
To: 218673-close@bugs.debian.org, 224890-close@bugs.debian.org,
	229554-close@bugs.debian.org, 233477-close@bugs.debian.org,
	203328-close@bugs.debian.org, 229114-close@bugs.debian.org,
	139800-close@bugs.debian.org, 158998-close@bugs.debian.org,
	163308-close@bugs.debian.org, 164019-close@bugs.debian.org,
	182067-close@bugs.debian.org, 187002-close@bugs.debian.org,
	187610-close@bugs.debian.org, 188151-close@bugs.debian.org,
	190684-close@bugs.debian.org, 195379-close@bugs.debian.org,
	196446-close@bugs.debian.org, 203863-close@bugs.debian.org,
	205652-close@bugs.debian.org, 219566-close@bugs.debian.org,
	220375-close@bugs.debian.org, 222304-close@bugs.debian.org,
	225866-close@bugs.debian.org, 200853-close@bugs.debian.org,
	215287-close@bugs.debian.org, 222627-close@bugs.debian.org,
	172907-close@bugs.debian.org, 199926-close@bugs.debian.org,
	223854-close@bugs.debian.org
Subject: Fixed in KDE 3.2, which just entered unstable
From: Dominique Devriese <dominique.devriese@student.kuleuven.ac.be>
Date: Fri, 05 Mar 2004 16:41:44 +0100
Message-ID: <87eks7jo7b.fsf@student.kuleuven.ac.be>
User-Agent: Gnus/5.1006 (Gnus v5.10.6) XEmacs/21.4 (Security Through
 Obscurity, linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: Dominique Devriese <dominique.devriese@student.kuleuven.ac.be>
X-Virus-Scanned: by KULeuven Antivirus Cluster
Delivered-To: 225866-close@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_05 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=0.0 required=4.0 tests=none autolearn=no 
	version=2.60-bugs.debian.org_2004_03_05
X-Spam-Level: 


Closing 29 bugs that have been fixed upstream in KDE 3.2, which was
just uploaded to unstable.

cheers
domi


