Bug#311683: marked as done (xscreensaver: under some circumstances KDE screensaver can show porn)
Your message dated Thu, 01 Sep 2005 11:02:21 -0700
with message-id <E1EAtOH-000207-00@spohr.debian.org>
and subject line Bug#316900: fixed in kdeartwork 4:3.4.2-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 2 Jun 2005 18:20:25 +0000
>From reply-debian-05@armiento.net Thu Jun 02 11:20:25 2005
Return-path: <reply-debian-05@armiento.net>
Received: from cow.theophys.kth.se [130.237.25.17]
by spohr.debian.org with smtp (Exim 3.35 1 (Debian))
id 1DduIq-00054g-00; Thu, 02 Jun 2005 11:20:25 -0700
Received: (qmail 10490 invoked from network); 2 Jun 2005 18:20:44 -0000
Received: from roo.theophys.kth.se (HELO ?127.0.0.1?) (130.237.25.150)
by 0 with SMTP; 2 Jun 2005 18:20:44 -0000
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: "R. Armiento" <reply-debian-05@armiento.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: xscreensaver: web collage screensaver makes debian "default install" of kde
show porn
X-Mailer: reportbug 3.8
Date: Thu, 02 Jun 2005 20:19:06 +0200
Message-Id: <E1DduIq-00054g-00@spohr.debian.org>
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.8 required=4.0 tests=BAYES_00,FROM_ENDS_IN_NUMS,
HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Package: xscreensaver
Version: 4.21-3
Severity: important
The main kde package 'kde' depends on xscreensaver. Now, if I
understand this issue correctly, KDE has its own "randomization engine"
for screensavers. This makes it ignore xscreensavers settings for what
screensavers should be included in 'random screensaver' and instead
randomize over all installed screensavers (at least that is how it
seems to work per default). I *think* KDE's default setting for new
users is to randomize screensavers; but even if it isn't, it is very
easy for an experimenting user to flip this setting on, unaware of the
'risks' of running the web collage screensaver.
Result: without any deliberate action, a user running on a "default" debian
install of KDE runs the risk of suddenly showing pornographic images on
the screen (fetched and shown by the 'web collage' screensaver). I have
seen this happen.
While 'web collage' is a truly original screensaver based on a fun idea,
the thing is, there are workplace environments where this could potentially
get people fired or sued. Hence, I think it is resonable to try to avoid any
accidental activation. Just like there is a fortune-off package for potentially
offending fortunes, I suggest moving 'web collage' to a separate package
'xscreensaver-off'.
However, if the maintainer feels this is not an xscreensaver
problem, but rather an issue with kde's random screensaver
option, feel free to forward this bug report to the kde maintainers.
Also, just as a side note: another reason to avoid 'web collage' to
be activated unintentionally is that it is a significantly higher
security risk than any of the other screensavers, in that it might
pull an image from the web that exploits a buffer overflow in
the picture library.
//Rickard
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (900, 'testing'), (300, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-2-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages xscreensaver depends on:
ii libatk1.0-0 1.8.0-4 The ATK accessibility toolkit
ii libc6 2.3.2.ds1-21 GNU C Library: Shared libraries an
ii libglade2-0 1:2.4.2-2 library to load .glade files at ru
ii libglib2.0-0 2.6.4-1 The GLib library of C routines
ii libgtk2.0-0 2.6.4-1 The GTK+ graphical user interface
ii libice6 4.3.0.dfsg.1-12.0.1 Inter-Client Exchange library
ii libjpeg62 6b-10 The Independent JPEG Group's JPEG
ii libpam0g 0.76-22 Pluggable Authentication Modules l
ii libpango1.0-0 1.8.1-1 Layout and rendering of internatio
ii libsm6 4.3.0.dfsg.1-12.0.1 X Window System Session Management
ii libx11-6 4.3.0.dfsg.1-12.0.1 X Window System protocol client li
ii libxext6 4.3.0.dfsg.1-12.0.1 X Window System miscellaneous exte
ii libxml2 2.6.16-7 GNOME XML library
ii libxmu6 4.3.0.dfsg.1-12.0.1 X Window System miscellaneous util
ii libxpm4 4.3.0.dfsg.1-12.0.1 X pixmap library
ii libxrandr2 4.3.0.dfsg.1-12.0.1 X Window System Resize, Rotate and
ii libxrender1 0.8.3-7 X Rendering Extension client libra
ii libxt6 4.3.0.dfsg.1-12.0.1 X Toolkit Intrinsics
ii xlibs 4.3.0.dfsg.1-12 X Keyboard Extension (XKB) configu
ii zlib1g 1:1.2.2-4 compression library - runtime
-- no debconf information
---------------------------------------
Received: (at 316900-close) by bugs.debian.org; 1 Sep 2005 18:08:36 +0000
>From katie@spohr.debian.org Thu Sep 01 11:08:36 2005
Return-path: <katie@spohr.debian.org>
Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian))
id 1EAtOH-000207-00; Thu, 01 Sep 2005 11:02:21 -0700
From: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
To: 316900-close@bugs.debian.org
X-Katie: $Revision: 1.56 $
Subject: Bug#316900: fixed in kdeartwork 4:3.4.2-1
Message-Id: <E1EAtOH-000207-00@spohr.debian.org>
Sender: Archive Administrator <katie@spohr.debian.org>
Date: Thu, 01 Sep 2005 11:02:21 -0700
Delivered-To: 316900-close@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 4
Source: kdeartwork
Source-Version: 4:3.4.2-1
We believe that the bug you reported is fixed in the latest version of
kdeartwork, which is due to be installed in the Debian FTP archive:
kdeartwork-emoticons_3.4.2-1_all.deb
to pool/main/k/kdeartwork/kdeartwork-emoticons_3.4.2-1_all.deb
kdeartwork-misc_3.4.2-1_all.deb
to pool/main/k/kdeartwork/kdeartwork-misc_3.4.2-1_all.deb
kdeartwork-style_3.4.2-1_i386.deb
to pool/main/k/kdeartwork/kdeartwork-style_3.4.2-1_i386.deb
kdeartwork-theme-icon_3.4.2-1_all.deb
to pool/main/k/kdeartwork/kdeartwork-theme-icon_3.4.2-1_all.deb
kdeartwork-theme-window_3.4.2-1_i386.deb
to pool/main/k/kdeartwork/kdeartwork-theme-window_3.4.2-1_i386.deb
kdeartwork_3.4.2-1.diff.gz
to pool/main/k/kdeartwork/kdeartwork_3.4.2-1.diff.gz
kdeartwork_3.4.2-1.dsc
to pool/main/k/kdeartwork/kdeartwork_3.4.2-1.dsc
kdeartwork_3.4.2-1_all.deb
to pool/main/k/kdeartwork/kdeartwork_3.4.2-1_all.deb
kdeartwork_3.4.2.orig.tar.gz
to pool/main/k/kdeartwork/kdeartwork_3.4.2.orig.tar.gz
kdewallpapers_3.4.2-1_all.deb
to pool/main/k/kdeartwork/kdewallpapers_3.4.2-1_all.deb
kscreensaver-xsavers_3.4.2-1_i386.deb
to pool/main/k/kdeartwork/kscreensaver-xsavers_3.4.2-1_i386.deb
kscreensaver_3.4.2-1_i386.deb
to pool/main/k/kdeartwork/kscreensaver_3.4.2-1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 316900@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org> (supplier of updated kdeartwork package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 1 Sep 2005 18:52:58 +0200
Source: kdeartwork
Binary: kdeartwork-misc kdeartwork-emoticons kdeartwork-theme-window kscreensaver kdeartwork-theme-icon kdeartwork-style kdeartwork kdewallpapers kscreensaver-xsavers
Architecture: source all i386
Version: 4:3.4.2-1
Distribution: unstable
Urgency: low
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Description:
kdeartwork - themes, styles and more from the official KDE release
kdeartwork-emoticons - emoticon collections for KDE chat clients
kdeartwork-misc - various multimedia goodies released with KDE
kdeartwork-style - widget styles released with KDE
kdeartwork-theme-icon - icon themes released with KDE
kdeartwork-theme-window - window decoration themes released with KDE
kdewallpapers - wallpapers released with KDE
kscreensaver - additional screen savers released with KDE
kscreensaver-xsavers - KDE hooks for standard xscreensavers
Closes: 278263 310866 311683 316900 317202 322008
Changes:
kdeartwork (4:3.4.2-1) unstable; urgency=low
.
* New upstream release.
.
* Rebuild (Closes: #317202)
.
+++ Changes by Christopher Martin:
.
* Replace the build-dep on xlibmesa-glu-dev with libglu1-xorg-dev for the
X.Org transition.
.
* Remove the dummy transitional package kdeartwork-theme-desktop, as Sarge
was released and Woody --> Sarge upgrades are no longer a concern.
(Closes: #322008)
.
* Don't install webcollage.desktop. This effectively disables that
screensaver, removing it from the random screensaver's pool, preventing
the inadvertent display of completely random pictures from the Internet.
(Closes: #311683, #316900)
.
* The necessary files for the pinion screensaver are now installed.
(Closes: #310866)
.
+++ Changes by Luk Claes:
.
* Added me to uploaders
.
kdeartwork (4:3.4.1-1) experimental; urgency=low
.
* New upstream release.
.
kdeartwork (4:3.4.0-0pre2) alioth; urgency=low
.
* New upstream release.
.
+++ Changes by Christopher Martin:
.
* Converted packaging to CDBS.
* Added a new package, kdeartwork-emoticons (containing the former
Kopete emoticons, now usable by everyone).
* Forward port a patch from KDE 3.3 that fixes the building of the
KFireSaver screensaver.
* Lower kscreensaver-xsavers's dependency on xscreensaver-gl to a Recommends.
(Closes: #278263)
Files:
20d246f73ff9a8f712bc72941623b5ff 1213 kde optional kdeartwork_3.4.2-1.dsc
62ec4b454bee0f244019779865c13ef4 18456475 kde optional kdeartwork_3.4.2.orig.tar.gz
21ff9471e4706209f1093ec5e27b3cda 130939 kde optional kdeartwork_3.4.2-1.diff.gz
20a6aaf6cf875f09db840fb3702d4a89 8790 kde optional kdeartwork_3.4.2-1_all.deb
bca8af136a86e71e317b0bcd2a89ade7 106038 kde optional kdeartwork-emoticons_3.4.2-1_all.deb
ee6b8b12ce68dd24866391b17cdaf140 3419008 kde optional kdeartwork-misc_3.4.2-1_all.deb
3d14aa933c19ffbeda79e9cadabfda3a 10875682 kde optional kdeartwork-theme-icon_3.4.2-1_all.deb
ba9c0e3e66f647a5c5cbd1e8a0da9b08 2272532 kde optional kdewallpapers_3.4.2-1_all.deb
c2cfd48bb8d1da1a945958b393489e81 86052 kde optional kdeartwork-style_3.4.2-1_i386.deb
dbba722a6fa7ee2ef6ba7423e2d0d3a0 314074 kde optional kdeartwork-theme-window_3.4.2-1_i386.deb
5b72b1ad19ace6b9b573e7c797ef575b 814488 kde optional kscreensaver_3.4.2-1_i386.deb
801fe7d8741e228fc87b0164cefaf8c4 160154 kde optional kscreensaver-xsavers_3.4.2-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDFzaG5UTeB5t8Mo0RAhJDAJ4x7o0ZzXbEnGyXp5/PpXqw94PprgCgzzDA
e1H4hFFPKSdIrES7+PMJLHg=
=uFwB
-----END PGP SIGNATURE-----
Reply to: