Your message dated Thu, 23 Oct 2014 03:21:28 +0000 with message-id <e1xh8xs-0001ay...@franck.debian.org> and subject line Bug#740163: fixed in lxsession 0.5.1-1 has caused the Debian Bug report #740163, regarding lxsession: lxlock/dm-tool lock is easily circumvented to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 740163: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740163 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: lxsession Version: 0.4.9.2-1 Severity: grave Tags: security Justification: user security hole Dear Maintainer, as described in bug #735854, locking doesn't work. It's a serious problem because after invoking lxlock the screen switches to VT8 with a login prompt and it looks like it locked the screen. The reality is the session stays unlocked and you can return to it with Ctrl-Alt-F7. -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.12-1-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages lxsession depends on: ii libatk1.0-0 2.10.0-2 ii libc6 2.17-97 ii libcairo2 1.12.16-2 ii libdbus-1-3 1.8.0-1 ii libdbus-glib-1-2 0.102-1 ii libfontconfig1 2.11.0-2 ii libfreetype6 2.5.2-1 ii libgdk-pixbuf2.0-0 2.28.2-1+b1 ii libgee2 0.6.8-1 ii libglib2.0-0 2.38.2-5 ii libgtk2.0-0 2.24.22-1 ii libpango-1.0-0 1.36.0-1+b1 ii libpangocairo-1.0-0 1.36.0-1+b1 ii libpangoft2-1.0-0 1.36.0-1+b1 ii libpolkit-agent-1-0 0.105-4 ii libpolkit-gobject-1-0 0.105-4 ii libx11-6 2:1.6.2-1 Versions of packages lxsession recommends: ii consolekit 0.4.6-3+b1 ii lxde-common 0.5.5-6 ii openbox [x-window-manager] 3.5.2-6 ii openssh-client [ssh-client] 1:6.5p1-4 ii upower 0.9.23-2+b1 Versions of packages lxsession suggests: ii gpicview 0.2.4-1 ii lxpanel 0.5.12-3 ii pcmanfm 1.1.2-1 -- debconf-show failed
--- End Message ---
--- Begin Message ---Source: lxsession Source-Version: 0.5.1-1 We believe that the bug you reported is fixed in the latest version of lxsession, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 740...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andriy Grytsenko <and...@rep.kiev.ua> (supplier of updated lxsession package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 18 Oct 2014 03:32:50 +0300 Source: lxsession Binary: lxsession lxsession-dbg Architecture: source amd64 Version: 0.5.1-1 Distribution: unstable Urgency: medium Maintainer: Debian LXDE Maintainers <lxde-deb...@lists.lxde.org> Changed-By: Andriy Grytsenko <and...@rep.kiev.ua> Description: lxsession - LXDE default session manager lxsession-dbg - LXDE default session manager (debug) Closes: 704347 719614 721466 731489 731865 739166 740163 746193 752423 753875 756005 764305 Changes: lxsession (0.5.1-1) unstable; urgency=medium . [ Andriy Grytsenko ] * Adding --disable-silent-rules to fix buildlog checker warning. * Bump Standards-Version to 3.9.5. * Removing Daniel Baumann from Uploaders by his request (Closes: #704347). * Updating watch file to support XZ tarball format and non-numeric versions. . [ Mateusz Ĺukasik ] * Remove valac-0.14 from build depends. (Closes: #739166) * Add lsb-release to depends. (Closes: #719614, #731865) . [ Andriy Grytsenko ] * Merging upstream version 0.5.0: - Fixed too big CPU consumption (Closes: #721466). - Fixed working of reboot and shutdown (Closes: #731489). - Removed easily circumvented dm-tool lock usage (Closes: #740163). - Fixed duplicated network-manager-gnome autostart (Closes: #746193). - Increased dbus timeout for password query (Closes: #756005). * Removing 03-libx11-linking.patch, issue is fixed by upstream. * Adding relations with lxsession-default-apps (for Ubuntu compatibility). * Adding Provides: policykit-1-gnome for lxpolkit and lxsession since they provide that functionality. * Adding versioned dependency on upower (<< 0.99) (Closes: #752423). * Adding variant dependency systemd [linux-any] for lxsession-logout (Closes: #764305). * Removing build dependency on libgee-dev (Closes: #753875). * Enabling parallel build (pass --parallel to dh). * Removing override_dh_auto_test target, issue was fixed by upstream. * Removing obsolete target override_dh_builddeb from debian/rules file. * Removing build dependencies to build C code from VALA and man from XML, they were never used since original tarball contains all code ready. * Adding myself to uploaders. * Bump Standards-Version to 3.9.6. * Updating debian/copyright file. * Adding a lintian override against word 'desactivate' used in button name. * Merging upstream version 0.5.1. * Adding etc/xdg/autostart/lxpolkit.desktop into the package. * Adding manpages provided by upstream to lxsession package. * Removing lintian override for lxlock, it has a man page now. * Removing --enable-buildin-polkit option from configure, it doesn't work currently. * Adding --fail-missing option to dh_install. * Adding lintian override against debian-watch-may-check-gpg-signature. * Adding 01-no-dup-polkit.patch to avoid duplicate lxpolkit invocation. Checksums-Sha1: 1f58304e4e078256e7c3bf5be6d181b1eda7ebf6 2071 lxsession_0.5.1-1.dsc 3419802c9e7269093900dd5fd4948acb95dec253 345568 lxsession_0.5.1.orig.tar.xz 58a5bf3963314c09f19552b684b1f32b33ee5376 7320 lxsession_0.5.1-1.debian.tar.xz b4eb437db53789e073bc8cc17b3c9526d52a9868 208456 lxsession_0.5.1-1_amd64.deb ba33ef3fa3d299be3996ff752417f03d3fffb4fc 589750 lxsession-dbg_0.5.1-1_amd64.deb Checksums-Sha256: bb842c8d2c39fc0c754f9baec3c6e7c946c579ffb9648d662b9b487a0386c992 2071 lxsession_0.5.1-1.dsc 7a9c58a0d9cecc943441c0e8c4cde06516d14b7e370f9aeacebafd9f386badc7 345568 lxsession_0.5.1.orig.tar.xz 7a98f12befd4f7934d80f0ea344ef1867c9027af7aa804d4f1f6c7d18c95cc0d 7320 lxsession_0.5.1-1.debian.tar.xz 5a74af20d64e9792936ded86783ca065531a6c809facb7c054628ecb859df8dd 208456 lxsession_0.5.1-1_amd64.deb 3159f554fb93f0d9b8798defb7cff81080c4196e21dd1775a13a3f39669f9d21 589750 lxsession-dbg_0.5.1-1_amd64.deb Files: bdb4770e0e68193f528b16a022d6d570 2071 x11 optional lxsession_0.5.1-1.dsc 39bf77d637fbe40318f91d0d888127fc 345568 x11 optional lxsession_0.5.1.orig.tar.xz 83edbf963549c31e5a2d61ca654e0a60 7320 x11 optional lxsession_0.5.1-1.debian.tar.xz fdd86276809edd6cf3f6e9a06a9c21a4 208456 x11 optional lxsession_0.5.1-1_amd64.deb b389971c617d65ce56c6fc3cd22cdc27 589750 debug extra lxsession-dbg_0.5.1-1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBCAAGBQJUSF+qAAoJEAxI6ip6j/17wz8P/1B0m5+Xg3eia4XsjAjZuCao vAHWRobLFoSUAHH8W038cq6y/W9nPY7BCi53T0YNWIostTlLs5hp8lUqjGj9aTyi 0/m9V6JrWNzTanq+00aEHgxqjKbH/ETdFik2tm2YfyUb7GjpgiADrRi2E1wzmAWU q8wxIAX4N6DPv1PH0LnUjBZRLCK6YKVpcs76SNH9MHpNs5q6u13V0qNPwOKIbfrl 6/6ZCIHRVct/Y7aK+pBaL6lwf3q4JkMFkzt0cnyITTJJE6rQD9CFEXZjMXGfySD5 VT3NuPcf6cWaPxdADgfxjK1Jl7h4DwlQaQyf6IhOnk73k4lr3LciQcpkTLYSB5Qx LXfwXDpNz8Li4tAg9S3GCTPCaym1672iXBx8PFunAWH2ACm2VlYY5VEmdi+RORDJ 0UD8K9gHBraRdbDklvONi8RO0HIJVjtUANgHIvOaIu5JKl+67pXCj2DwwWMd3ixv gyQTRQlvF2hD8tHoo6B7nuyzUHJrCvx66GhVmnTbGjmgJjCfGluCgvWtD0uexwk0 jMAMpzVbraH1oorWxXhTXd54jOl8V7PQIM9VQj31aOoRIOa5uUmcVFndsFrUNvnu 35oUiHrA/dW30iQ/VQgg4cu7j2n374XBHoVQGqcsH7BH7Uh0CHAWF3Q+ZWRe1BFM bfXtsv/M9awMKG+WWshl =t4Yz -----END PGP SIGNATURE-----
--- End Message ---
