Bug#737396: marked as done (kscreensaver: locked screen allows any password if a third session (vt9) is also active)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Fri, 1 Aug 2014 12:32:46 +0200
with message-id <20140801103246.GT3410@gnuservers.com.ar>
and subject line Re: kscreensaver: locked screen allows any password if a third session (vt9) is also active
has caused the Debian Bug report #737396,
regarding kscreensaver: locked screen allows any password if a third session (vt9) is also active
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
737396: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737396
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: submit@bugs.debian.org
• Subject: kscreensaver: locked screen allows any password if a third session (vt9) is also active
• From: Lajos Mester <l.mester@gmx.de>
• Date: Sun, 02 Feb 2014 13:58:01 +0100
• Message-id: <1434904.ENNP2sG1CB@zodiac>

Package: kscreensaver
Version: 4:4.8.4-5
Justification: causes serious data loss
Severity: critical
Tags: security

Dear Maintainer,

        after activating tree (kde-)sessions on vt7,vt8 and vt9, one of the
sessions does not need having a password entered at the login widget, still, 
it
lets you in.  Which session is affected is not clear, seems to be random.
        Not sure, but it I think even root sessions could be started this way.

Thanks



-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.9-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages kscreensaver depends on:
ii  kde-runtime               4:4.11.3-1
ii  kde-workspace-bin         4:4.11.3-2
ii  libc6                     2.17-97
ii  libgl1-mesa-glx [libgl1]  9.1.3-6
ii  libglu1-mesa [libglu1]    9.0.0-2
ii  libkdecore5               4:4.11.3-2
ii  libkdeui5                 4:4.11.3-2
ii  libkexiv2-10              4:4.8.4-1
ii  libkio5                   4:4.11.3-2
ii  libkparts4                4:4.11.3-2
ii  libkscreensaver5          4:4.11.3-2
ii  libqt4-opengl             4:4.8.4+dfsg-4
ii  libqtcore4                4:4.8.4+dfsg-4
ii  libqtgui4                 4:4.8.4+dfsg-4
ii  libstdc++6                4.8.2-10
ii  libx11-6                  2:1.6.2-1

Versions of packages kscreensaver recommends:
ii  kde-window-manager    4:4.11.3-2
ii  kscreensaver-xsavers  4:4.8.4-5

kscreensaver suggests no packages.

-- no debconf information

--- End Message ---

--- Begin Message ---

• To: 737396-done@bugs.debian.org
• Subject: Re: kscreensaver: locked screen allows any password if a third session (vt9) is also active
• From: Maximiliano Curia <maxy@debian.org>
• Date: Fri, 1 Aug 2014 12:32:46 +0200
• Message-id: <20140801103246.GT3410@gnuservers.com.ar>

Hi,

Closing this issue now, the problem seems to be cause due to a corrupted (empty?)
user password.

Happy hacking,
-- 
"If a pickpocket meets a saint, he sees only his pockets."
-- Kegley's Law
Saludos /\/\ /\ >< `/

Attachment: signature.asc
Description: Digital signature

--- End Message ---