Bug#814355: marked as done (plasma-workspace: CVE-2016-2312: KDE lockscreen bypass by switching display off and on)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Mon, 22 Feb 2016 19:35:43 +0000
with message-id <E1aXwGl-0004jR-FE@franck.debian.org>
and subject line Bug#814355: fixed in plasma-workspace 4:5.4.3-2
has caused the Debian Bug report #814355,
regarding plasma-workspace: CVE-2016-2312: KDE lockscreen bypass by switching display off and on
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
814355: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814355
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: plasma-workspace: CVE-2016-2312: KDE lockscreen bypass by switching display off and on
• From: Salvatore Bonaccorso <carnil@debian.org>
• Date: Wed, 10 Feb 2016 19:23:12 +0100
• Message-id: <[🔎] 145512859296.5533.6725667444627374059.reportbug@eldamar.local>

Source: plasma-workspace
Version: 4:5.4.3-1
Severity: grave
Tags: security upstream patch
Justification: user security hole
Forwarded: https://bugs.kde.org/show_bug.cgi?id=358125

Hi,

the following vulnerability was published for plasma-workspace.

CVE-2016-2312[0]:
KDE lockscreen bypass by switching display off and on

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-2312
[1] https://www.kde.org/info/security/advisory-20160209-1.txt
[2] https://bugs.kde.org/show_bug.cgi?id=358125
[3] https://bugzilla.opensuse.org/show_bug.cgi?id=964548

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

• To: 814355-close@bugs.debian.org
• Subject: Bug#814355: fixed in plasma-workspace 4:5.4.3-2
• From: Felix Geyer <fgeyer@debian.org>
• Date: Mon, 22 Feb 2016 19:35:43 +0000
• Message-id: <E1aXwGl-0004jR-FE@franck.debian.org>

Source: plasma-workspace
Source-Version: 4:5.4.3-2

We believe that the bug you reported is fixed in the latest version of
plasma-workspace, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 814355@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Felix Geyer <fgeyer@debian.org> (supplier of updated plasma-workspace package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 22 Feb 2016 20:16:55 +0100
Source: plasma-workspace
Binary: plasma-workspace-dev plasma-workspace-wayland plasma-workspace libkworkspace5-5 libplasma-geolocation-interface5 libtaskmanager5 libweather-ion7 sddm-theme-breeze plasma-workspace-dbg
Architecture: source
Version: 4:5.4.3-2
Distribution: unstable
Urgency: high
Maintainer: Debian/Kubuntu Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Felix Geyer <fgeyer@debian.org>
Description:
 libkworkspace5-5 - Plasma Workspace for KF5 library
 libplasma-geolocation-interface5 - Plasma Workspace for KF5 library
 libtaskmanager5 - Plasma Workspace for KF5 library
 libweather-ion7 - Plasma Workspace for KF5 library
 plasma-workspace - Plasma Workspace for KF5
 plasma-workspace-dbg - Plasma Workspace for KF5
 plasma-workspace-dev - Plasma Workspace for KF5 devel files
 plasma-workspace-wayland - Plasma Workspace for KF5 - Wayland integration
 sddm-theme-breeze - Breeze SDDM theme
Closes: 814355
Changes:
 plasma-workspace (4:5.4.3-2) unstable; urgency=high
 .
   Team upload.
 .
   [ Dmitry Shachnev ]
   * Stop depending on qtdeclarative5-* transitional packages.
 .
   [ Felix Geyer ]
   * Fix CVE-2016-2312: KDE lockscreen bypass by switching display off and on.
     (Closes: #814355)
     - Add debian/patches/CVE-2016-2312.diff, cherry-picked from upstream
       Plasma/5.4 branch.
Checksums-Sha1:
 761d30cdf0b0a400237240227e38e0a63e630876 4294 plasma-workspace_5.4.3-2.dsc
 ce909fd522bcf05aa41ef16c926f7a5b85eec307 23140 plasma-workspace_5.4.3-2.debian.tar.xz
Checksums-Sha256:
 3178c3ce667f2b58ea639db5cd04f78dec4c560b451ead7e5bd2606758a41b1e 4294 plasma-workspace_5.4.3-2.dsc
 6a69ad27fb145e79882a78f1090da2417bb21f53a8ceb2fe2caa97e59108e754 23140 plasma-workspace_5.4.3-2.debian.tar.xz
Files:
 5dac6a9d209af6a203bf5206e8a8ded3 4294 kde optional plasma-workspace_5.4.3-2.dsc
 17c858574dc32a09133b01b8d28596f9 23140 kde optional plasma-workspace_5.4.3-2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJWy164AAoJEP4ixv2DE11FQP4P/3gw1UEwuvgBdLdqXekdDeXl
u5dCIbN7+Cz57sEYq1ayYCxEg506ltt9RlD7t9ivXe+liUr4aLsaJQpHpUBA6PJH
4MsqlA+ta0JZ2cvyqyBHytmP1aunXcI3lv0ighG/85Ud2bLgwfAAZ+NmYX3zuNMP
8fXT0Z7GKlMAq7wLRls/xS6mYTIdFSayoLRg2EtggyePwLiMmACeXrwFLn466HHN
rhoqpOHnAjCkcpF1ldkFFM0jfFE64bgR6mqHDIvmTYIT7jb7ILA3m9F/2qPm6e39
XoJ3KaeApQa1TlmnershrCen1hXTBa211ZNQym9HehhFgmjNu/Zav6NkfI74RFJe
8CjD0Xrt9t04v79ShIoscRvYFy/jHZjwQoTQkkwwuz40tm9RlzoeFIxQ2cgCIiJu
xfN0sYNG8YAjsz10hOsYLoOay+oiVbU5Xx5nY2VExZLOBfW/FAhTp7GYpkC28DKz
YKktbJr3BS5T7BmgWXYj9l+KSHbzzyoeXLU93PQEo9N0tTVEdMdhJcELU7vgNTS7
Tbp44OeVlXIrtxa6yMa47IM7HvZW0MnTnbMtoOeyODrkKaqGy+q12oJjWhw6G4eh
ol3tGPvDNxf8Ori8VTknzl394v+tCdpBNmtmyz8njBE9y3zflXJftTlLcyNUVCgw
hfLivRY94d4pQjc5XoBv
=mQ/t
-----END PGP SIGNATURE-----

--- End Message ---