On Tue, 6 Nov 2007 01:52:56 pm Jamie Zawinski wrote: > On Nov 5, 2007, at 4:11 PM, Steffen Joeris wrote: > > With this patch, xscreensaver fails to build: > > Sorry, typo: pw->prompt_screen should have been pw->prompt_screen- > > >screen. Revised patch: The patch works and the crash is gone.
I also attached an NMU proposal for this bug. I'll upload as soon as ftp-master is back online (please tell me, if you want to take of that by yourself). Cheers Steffen
diff -u xscreensaver-5.03/debian/changelog xscreensaver-5.03/debian/changelog --- xscreensaver-5.03/debian/changelog +++ xscreensaver-5.03/debian/changelog @@ -1,3 +1,12 @@ +xscreensaver (5.03-3.1) unstable; urgency=high + + * Non-maintainer upload by the testing-security team + * Include upstream patch to fix crash with gl screensavers, which + leads to an authentication bypass (Closes: 448157) + Fixes: CVE-2007-5585 + + -- Steffen Joeris <[EMAIL PROTECTED]> Tue, 06 Nov 2007 15:06:56 +1100 + xscreensaver (5.03-3) unstable; urgency=low * Added `gdm' to the Build-Depends field since is needed to build with only in patch2: unchanged: --- xscreensaver-5.03.orig/driver/lock.c +++ xscreensaver-5.03/driver/lock.c @@ -1076,8 +1076,10 @@ pw->user_entry_pixmap = 0; } - pw->user_entry_pixmap = XCreatePixmap(si->dpy, si->passwd_dialog, - rects[0].width, rects[0].height, pw->prompt_screen->current_depth); + pw->user_entry_pixmap = + XCreatePixmap(si->dpy, si->passwd_dialog, + rects[0].width, rects[0].height, + DefaultDepthOfScreen (pw->prompt_screen->screen)); XFillRectangle (si->dpy, pw->user_entry_pixmap, gc2,
signature.asc
Description: This is a digitally signed message part.
