
Bug#656500: xkb-data: XF86_Ungrab and XF86_ClearGrab security hole upstream



severity 656500 important
thanks

Mark Nipper <nipsy@bitgnome.net> (19/01/2012):
> http://gu1.aeroxteam.fr/2012/01/19/bypass-screensaver-locker-program-xorg-111-and-up/
> 
> and further syndicated by:
> ---
> http://www.phoronix.com/scan.php?page=news_item&px=MTA0NTA
> 
> the currently shipping version of this package contains a rather glaring
> security hole with regards to locking screen savers under X.
> 
> 	Fix seems to be commenting any references to XF86_Ungrab and
> XF86_ClearGrab, at least for the time being.  I'm not sure what the long
> term fix will be (reintroducing previously removed functionality
> possibly).

Downgrading severity per:
  http://packages.qa.debian.org/x/xorg-server/news/20120119T101901Z.html

As for the upstream fixes:
  http://lists.x.org/archives/xorg-devel/2012-January/028691.html
  http://lists.x.org/archives/xorg-devel/2012-January/028693.html

Mraw,
KiBi.
