[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Cinnamon security issue caused by segfault in caribou (as regression of xorg CVE-2020-25712 fix)

As reported here ( https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980061 ) some days ago after xorg fix of CVE-2020-25712 there was a regression that make caribou crash in some cases.

With cinnamon >=4.2 with it integrated in screensaver introduced a security issue (because caribou crash make also cinnamon-screensaver crash and log in without entering the correct password).

Mint developers have already did a patch to solve it; mint, fedora and other distros already solved it with new caribou build.

Yesterday not seeing any answer on debian I prepared a MR on caribou that solves the problem: https://salsa.debian.org/gnome-team/caribou/-/merge_requests/2

I already tested tested build (http://debomatic-amd64.debian.net/distribution#unstable/caribou/0.4.21-7.1~/buildlog), installed and verified that issue is not reproducible anymore.

I should do other things to make possible apply it ASAP?

Thanks for any reply.

Reply to: