Package: gnome-screensaver
Version: 2.14.0-1
Severity: critical
Tags: security
Justification: user security hole

gnome-screensaver does not make use of the XF86MiscSetGrabKeysState
function to disable the user's ability to kill the screensaver by
hitting Ctrl+Alt+Keypad-Minus or -Plus.

I reported this upstream[0] and it was fixed for 2.14; however it
appears that the Debian packages don't have this functionality enabled
at build time[1]:

  checking for XF86MiscSetGrabKeysState in -lXxf86misc... no

I think that making gnome-screensaver build-depend on
libxxf86misc-dev will fix this bug.

[0] http://bugzilla.gnome.org/show_bug.cgi?id=326663
[1] http://buildd.debian.org/fetch.php?&pkg=gnome-screensaver&ver=2.14.0-1&arch=powerpc&stamp=1142594892&file=log&as=raw

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (530, 'testing'), (520, 'unstable'), (510, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.15-1-k7
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

Versions of packages gnome-screensaver depends on:
ii  gconf2                  2.13.5-1           GNOME configuration database syste
ii  libart-2.0-2            2.3.17-1           Library of functions for 2D graphi
ii  libatk1.0-0             1.10.3-1           The ATK accessibility toolkit
ii  libaudiofile0           0.2.6-6            Open-source version of SGI's audio
ii  libavahi-client3        0.6.7-1            Avahi client library
ii  libavahi-common3        0.6.9-5            Avahi common library
ii  libavahi-compat-howl0   0.6.7-1            Avahi Howl compatibility library
ii  libbonobo2-0            2.8.1-2            Bonobo CORBA interfaces library
ii  libbonoboui2-0          2.10.1-2           The Bonobo UI library
ii  libc6                   2.3.6-3            GNU C Library: Shared libraries an
ii  libcairo2               1.0.2-3            The Cairo 2D vector graphics libra
ii  libdbus-1-2             0.61-4             simple interprocess messaging syst
ii  libdbus-glib-1-2        0.61-4             simple interprocess messaging syst
ii  libesd-alsa0 [libesd0]  0.2.36-3           Enlightened Sound Daemon (ALSA) -
ii  libexif12               0.6.12-2           library to parse EXIF files
ii  libfontconfig1          2.3.1-2            generic font configuration library
ii  libfreetype6            2.1.10-1           FreeType 2 font engine, shared lib
ii  libgamin0 [libfam0]     0.1.7-3            Client library for the gamin file
ii  libgconf2-4             2.13.5-1           GNOME configuration database syste
ii  libgcrypt11             1.2.2-1            LGPL Crypto library - runtime libr
ii  libglade2-0             1:2.5.1-2          library to load .glade files at ru
ii  libglib2.0-0            2.10.1-1           The GLib library of C routines
ii  libgnome-keyring0       0.4.8-1            GNOME keyring services library
ii  libgnome-menu2          2.12.0-2.1         an implementation of the freedeskt
ii  libgnome2-0             2.12.0.1-5         The GNOME 2 library - runtime file
ii  libgnomecanvas2-0       2.12.0-2           A powerful object-oriented display
ii  libgnomeui-0            2.12.1-1           The GNOME 2 libraries (User Interf
ii  libgnomevfs2-0          2.13.92-1          GNOME virtual file-system (runtime
ii  libgnutls12             1.2.9-2            the GNU TLS library - runtime libr
ii  libgpg-error0           1.2-1              library for common error values an
ii  libgtk2.0-0             2.8.13-1           The GTK+ graphical user interface
ii  libice6                 6.9.0.dfsg.1-4     Inter-Client Exchange library
ii  libjpeg62               6b-10              The Independent JPEG Group's JPEG
ii  liborbit2               1:2.12.4-1         libraries for ORBit2 - a CORBA ORB
ii  libpam0g                0.76-22            Pluggable Authentication Modules l
ii  libpango1.0-0           1.10.4-1           Layout and rendering of internatio
ii  libpng12-0              1.2.8rel-5         PNG library - runtime
ii  libpopt0                1.7-5              lib for parsing cmdline parameters
ii  libsm6                  6.9.0.dfsg.1-4     X Window System Session Management
ii  libtasn1-2              0.2.17-1           Manage ASN.1 structures (runtime)
ii  libx11-6                6.9.0.dfsg.1-4     X Window System protocol client li
ii  libxcursor1             1.1.3-1            X cursor management library
ii  libxext6                6.9.0.dfsg.1-4     X Window System miscellaneous exte
ii  libxi6                  6.9.0.dfsg.1-4     X Window System Input extension li
ii  libxinerama1            6.9.0.dfsg.1-4     X Window System multi-head display
ii  libxml2                 2.6.23.dfsg.2-2    GNOME XML library
ii  libxrandr2              6.9.0.dfsg.1-4     X Window System Resize, Rotate and
ii  libxrender1             1:0.9.0.2-1        X Rendering Extension client libra
ii  libxss1                 6.9.0.dfsg.1-4     X Screen Saver client-side library
ii  libxxf86vm1             6.9.0.dfsg.1-4     X Video Mode selection library
ii  zlib1g                  1:1.2.2-4.sarge.2  compression library - runtime

-- no debconf information
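A build-log gate that would have caught the silently disabled check quoted in the report above. This is an added example, not part of the original report or of the Debian or GNOME tooling; the function names, the REQUIRED_CHECKS list and the sample log (apart from the one configure line taken from the report) are constructed assumptions.

```shell
#!/bin/sh
# Added example: fail a package build when configure quietly answers "no"
# for a security-relevant feature test instead of aborting.

# Symbols whose configure check must answer "yes" (assumed policy list).
REQUIRED_CHECKS="XF86MiscSetGrabKeysState"

# Constructed sample build log; only the third line is quoted from the report.
sample_log() {
    cat <<'EOF'
checking for gcc... gcc
checking for XScreenSaverRegister in -lXss... yes
checking for XF86MiscSetGrabKeysState in -lXxf86misc... no
configure: creating ./config.status
EOF
}

# audit_configure_log LOGFILE
# Prints one line per required check that is absent or not "yes".
# Returns 0 when every required check passed, 1 otherwise.
audit_configure_log() {
    log=$1
    failed=0
    for sym in $REQUIRED_CHECKS; do
        # Use the last matching line: configure may run more than once.
        line=$(grep -E "^checking for ${sym}( in -l[A-Za-z0-9_]+)?\.\.\. " "$log" | tail -n 1)
        if [ -z "$line" ]; then
            echo "MISSING $sym: configure never checked for it"
            failed=1
            continue
        fi
        result=${line##*... }          # text after the final "... "
        result=${result#"(cached) "}   # autoconf prefixes cached answers
        if [ "$result" != "yes" ]; then
            echo "DISABLED $sym: $line"
            failed=1
        fi
    done
    return $failed
}

# Stand-alone use: sh audit.sh path/to/build.log
if [ $# -gt 0 ]; then
    audit_configure_log "$1"
fi
```

Run against a buildd log after each upload, a non-zero exit flags a missing build dependency before the package ships without the feature.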