Bug#930527: linux-image-4.19.0-5-amd64: when logging out, not the whole screen is erased, leaving private information

[Ivo De Decker <ivodd@debian.org>]

Hi,

On Sun, Mar 29, 2020 at 09:43:42PM +0200, Vincent Lefevre wrote:
> On 2020-03-29 19:10:30 +0200, Ivo De Decker wrote:
> > On Fri, Jun 14, 2019 at 04:31:16PM +0200, Vincent Lefevre wrote:
> > > When logging out, a part of the previous session is still visible.
> > > This might be used to compromise the user's account or leak other
> > > private information, depending on what was written on the screen.
> > 
> > What do you mean exactly? Is the screen only erased partially, or not at all?
> 
> It was partially erased.
> 
> > Is there something specific about your setup that you think might be relevant
> > here?
> 
> I don't think so, except the use of the nouveau driver, of course.
> But there were no issues for years. I think that problems started
> to occur after some kernel upgrade. Now, I haven't had any problem
> since December, I think.

Do you think the problem is gone with the kernel you are running now? What
version is that?

> > Also, I don't think this bug is really 'grave'. Even if private information
> > remains on the screen, the user can see that, and take action to avoid it.
> 
> Not if one logs out remotely.

What do you mean by that?

Cheers,

Ivo