Bug#656410: marked as done (xorg-server: screen lockers bypassed via key combo)

To: Cyril Brulebois <kibi@debian.org>
Subject: Bug#656410: marked as done (xorg-server: screen lockers bypassed via key combo)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Thu, 19 Jan 2012 10:21:12 +0000
Message-id: <[🔎] handler.656410.D656410.132696834628666.ackdone@bugs.debian.org>
References: <E1Rnp5B-0001rv-58@franck.debian.org> <[🔎] CANTw=MPfaY-5p+cS75ywVgNC6NWXNDTa0D5P-oMBoRP74Qy-mg@mail.gmail.com>

Your message dated Thu, 19 Jan 2012 10:19:01 +0000
with message-id <E1Rnp5B-0001rv-58@franck.debian.org>
and subject line Bug#656410: fixed in xorg-server 2:1.11.3.901-2
has caused the Debian Bug report #656410,
regarding xorg-server: screen lockers bypassed via key combo
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
656410: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656410
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject:

From: Michael Gilbert <michael.s.gilbert@gmail.com>

Date: Wed, 18 Jan 2012 21:09:32 -0500

Message-id: <[🔎] CANTw=MPfaY-5p+cS75ywVgNC6NWXNDTa0D5P-oMBoRP74Qy-mg@mail.gmail.com>
package: xorg-server
version: 2:1.11.3.901-1
severity: critical
tag: security

A commit introduced in the xorg 1.11 seems to have introduced a key
combination capable of killing all screen locker programs; thus
allowing unauthorized local access to a system.  See:
http://openwall.com/lists/oss-security/2012/01/19/1
--- End Message ---

--- Begin Message ---

To: 656410-close@bugs.debian.org
Subject: Bug#656410: fixed in xorg-server 2:1.11.3.901-2
From: Cyril Brulebois <kibi@debian.org>
Date: Thu, 19 Jan 2012 10:19:01 +0000
Message-id: <E1Rnp5B-0001rv-58@franck.debian.org>

Source: xorg-server
Source-Version: 2:1.11.3.901-2

We believe that the bug you reported is fixed in the latest version of
xorg-server, which is due to be installed in the Debian FTP archive:

xdmx-tools_1.11.3.901-2_amd64.deb
  to main/x/xorg-server/xdmx-tools_1.11.3.901-2_amd64.deb
xdmx_1.11.3.901-2_amd64.deb
  to main/x/xorg-server/xdmx_1.11.3.901-2_amd64.deb
xnest_1.11.3.901-2_amd64.deb
  to main/x/xorg-server/xnest_1.11.3.901-2_amd64.deb
xorg-server_1.11.3.901-2.diff.gz
  to main/x/xorg-server/xorg-server_1.11.3.901-2.diff.gz
xorg-server_1.11.3.901-2.dsc
  to main/x/xorg-server/xorg-server_1.11.3.901-2.dsc
xserver-common_1.11.3.901-2_all.deb
  to main/x/xorg-server/xserver-common_1.11.3.901-2_all.deb
xserver-xephyr_1.11.3.901-2_amd64.deb
  to main/x/xorg-server/xserver-xephyr_1.11.3.901-2_amd64.deb
xserver-xfbdev_1.11.3.901-2_amd64.deb
  to main/x/xorg-server/xserver-xfbdev_1.11.3.901-2_amd64.deb
xserver-xorg-core-dbg_1.11.3.901-2_amd64.deb
  to main/x/xorg-server/xserver-xorg-core-dbg_1.11.3.901-2_amd64.deb
xserver-xorg-core-udeb_1.11.3.901-2_amd64.udeb
  to main/x/xorg-server/xserver-xorg-core-udeb_1.11.3.901-2_amd64.udeb
xserver-xorg-core_1.11.3.901-2_amd64.deb
  to main/x/xorg-server/xserver-xorg-core_1.11.3.901-2_amd64.deb
xserver-xorg-dev_1.11.3.901-2_amd64.deb
  to main/x/xorg-server/xserver-xorg-dev_1.11.3.901-2_amd64.deb
xvfb_1.11.3.901-2_amd64.deb
  to main/x/xorg-server/xvfb_1.11.3.901-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 656410@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Cyril Brulebois <kibi@debian.org> (supplier of updated xorg-server package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 19 Jan 2012 10:47:49 +0100
Source: xorg-server
Binary: xserver-xorg-core xserver-xorg-core-udeb xserver-xorg-dev xdmx xdmx-tools xnest xvfb xserver-xephyr xserver-xfbdev xserver-xorg-core-dbg xserver-common
Architecture: source all amd64
Version: 2:1.11.3.901-2
Distribution: unstable
Urgency: high
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Cyril Brulebois <kibi@debian.org>
Description: 
 xdmx       - distributed multihead X server
 xdmx-tools - Distributed Multihead X tools
 xnest      - Nested X server
 xserver-common - common files used by various X servers
 xserver-xephyr - nested X server
 xserver-xfbdev - Linux framebuffer device tiny X server
 xserver-xorg-core - Xorg X server - core server
 xserver-xorg-core-dbg - Xorg - the X.Org X server (debugging symbols)
 xserver-xorg-core-udeb - Xorg X server - core server (udeb)
 xserver-xorg-dev - Xorg X server - development files
 xvfb       - Virtual Framebuffer 'fake' X server
Closes: 656410
Changes: 
 xorg-server (2:1.11.3.901-2) unstable; urgency=high
 .
   * Revert "XKB: Add debug key actions for grabs & window tree" to stop
     making it possible to bypass X screen locking programs. This is
     CVE-2012-0064 (Closes: #656410).
   * Set urgency to “high” accordingly.
Checksums-Sha1: 
 1e6dace0d5f5018c2e1e578b3e2bdf61ef4b3967 3488 xorg-server_1.11.3.901-2.dsc
 dede7fed734ab143cecb60f78cb30b02bcabb965 397899 xorg-server_1.11.3.901-2.diff.gz
 d4e6eb7ea66fc2b72863aed2c877416cc852912f 1281504 xserver-common_1.11.3.901-2_all.deb
 fc1bd99179d03ca658b2eadf82fcfba40937e40a 1755988 xserver-xorg-core_1.11.3.901-2_amd64.deb
 799da1fe2275251c658ca5d963b5dd68af9fe005 1065498 xserver-xorg-core-udeb_1.11.3.901-2_amd64.udeb
 f93a3280c5d46736de92b327ef83396fd4e67a1a 310912 xserver-xorg-dev_1.11.3.901-2_amd64.deb
 499e833b4bcc93e0f1848bc84ac5d752c21f3a9e 917248 xdmx_1.11.3.901-2_amd64.deb
 d40393b9bc8829bf786bdffcf3dcfc094d99fd1b 123836 xdmx-tools_1.11.3.901-2_amd64.deb
 c3f38686f090a0eb6fb3fa121464ebac7a8d7199 814288 xnest_1.11.3.901-2_amd64.deb
 43605457e0647872b71c39593274d8f9d6ec5052 914526 xvfb_1.11.3.901-2_amd64.deb
 2d93bf1a35fd0681933c6e514b666177f566ca87 1008822 xserver-xephyr_1.11.3.901-2_amd64.deb
 bee72af9bf07f31e808979267f36b54bf60160d7 929748 xserver-xfbdev_1.11.3.901-2_amd64.deb
 c242fdba8892ba155505d7e15ba9b15892ba7ee1 6218222 xserver-xorg-core-dbg_1.11.3.901-2_amd64.deb
Checksums-Sha256: 
 104b0e23f969ae49a41f3ea3accceb6e9ac084dbb77787b457fbf2489febe5ad 3488 xorg-server_1.11.3.901-2.dsc
 5ee906410cbec575f71698e9af231586b0e5c87a180dc9dcbf6361cc3bd56f87 397899 xorg-server_1.11.3.901-2.diff.gz
 01ad51f365a0e4e028816c41f4856bdd124ef9032c5d766330237dce9dbad23f 1281504 xserver-common_1.11.3.901-2_all.deb
 04ba8bb292f1ed8e62cdfa49aae6cb3a76eba4b0c88ca62635cc9cc69252be3d 1755988 xserver-xorg-core_1.11.3.901-2_amd64.deb
 530f494495634c9d06e8bbe8170f64d4dcbf1ea535d72e4a188ee43626d74555 1065498 xserver-xorg-core-udeb_1.11.3.901-2_amd64.udeb
 b301d855bf5494f6b8ab3e03d7d5fde96d3a01f84cf1bbae24a435c86dd3a3ec 310912 xserver-xorg-dev_1.11.3.901-2_amd64.deb
 a19cfadf9d3e86f19d6a25128b6db5e520603cf3652056746f15e265b3cb558a 917248 xdmx_1.11.3.901-2_amd64.deb
 676c405d8693b08a62498b9869c5dea493f878c69e3bcd98657b9a2dc1038d1f 123836 xdmx-tools_1.11.3.901-2_amd64.deb
 f1c135ccfd0662a00a51dd9444af87157657a2ae24093449f135ac6450e80d23 814288 xnest_1.11.3.901-2_amd64.deb
 258ea189a2afae6fac6a0e25b6630e30ffd14e89836c204703bb7a62d2284c05 914526 xvfb_1.11.3.901-2_amd64.deb
 b8f3cc5361fa790a7364fb18827680346936c80d265a49f2852f01162145fb3d 1008822 xserver-xephyr_1.11.3.901-2_amd64.deb
 0ce79ceea01d67f30431c3818a932c0ee18d73ab456b8e03b939438539d2b2bc 929748 xserver-xfbdev_1.11.3.901-2_amd64.deb
 bade540a6f7a123ae069e8cfdc273330550f5cdd29a47eb0726b4e8da75b60a1 6218222 xserver-xorg-core-dbg_1.11.3.901-2_amd64.deb
Files: 
 d7e61075dfde0476e8f842b4839c1123 3488 x11 optional xorg-server_1.11.3.901-2.dsc
 1bf5e0f9bf9bb91b1aafbc7d9c0f5e4c 397899 x11 optional xorg-server_1.11.3.901-2.diff.gz
 ca67f03999c5a5d08c641b8400900ae1 1281504 x11 optional xserver-common_1.11.3.901-2_all.deb
 7d8ab63d2229e58aa66ab1bc24fdfaaf 1755988 x11 optional xserver-xorg-core_1.11.3.901-2_amd64.deb
 556f52cdbe5b0f9b33d972ee5ce65ecb 1065498 debian-installer optional xserver-xorg-core-udeb_1.11.3.901-2_amd64.udeb
 36d136681fe7c5a8470483a6da819d4f 310912 x11 optional xserver-xorg-dev_1.11.3.901-2_amd64.deb
 e8d77ebc2048442af90e837ba0e46635 917248 x11 optional xdmx_1.11.3.901-2_amd64.deb
 78c643fccc9d0cd6d487ced3a9dca735 123836 x11 optional xdmx-tools_1.11.3.901-2_amd64.deb
 fb7563dab3f6efcf60339d03b1aa060a 814288 x11 optional xnest_1.11.3.901-2_amd64.deb
 4fb9e740f073e37c9f1db627b2987c7e 914526 x11 optional xvfb_1.11.3.901-2_amd64.deb
 a5e29d603bdc208cd63558b138aeedff 1008822 x11 optional xserver-xephyr_1.11.3.901-2_amd64.deb
 dbd2306d27a3c5bd25277dc6fc38392e 929748 x11 optional xserver-xfbdev_1.11.3.901-2_amd64.deb
 8cda7abce0cee571eda8260f88cd860c 6218222 debug extra xserver-xorg-core-dbg_1.11.3.901-2_amd64.deb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk8X6asACgkQeGfVPHR5Nd2fcACgwFutwp9wSK++skquHT27TVQf
PgoAnA2E8or5xOprLDqfDtGOwji2v+Qw
=UWLy
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

References:
- Bug#656410:
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>

Prev by Date: Processing of xorg-server_1.11.3.901-2_amd64.changes
Next by Date: xorg-server_1.11.3.901-2_amd64.changes ACCEPTED into unstable
Previous by thread: Bug#656410:
Next by thread: Processed: your mail
Index(es):
- Date
- Thread