Hello Andrea, or anyone else affected, Accepted unity into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unity/7.2.4+14.04.20150316-0ubuntu1 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: unity (Ubuntu Trusty) Status: In Progress => Fix Committed ** Tags added: verification-needed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unity in Ubuntu. https://bugs.launchpad.net/bugs/1413790 Title: It's possible to bypasss lockscreen if user is in nopasswdlogin group. Status in Unity: Fix Released Status in Unity 7.2 series: In Progress Status in unity package in Ubuntu: Fix Released Status in unity source package in Trusty: Fix Committed Bug description: [IMPACT] A user is presented with a password dialog even if a member of the nopasswdlogin group (and may not have a password). [TEST CASE] (1) Create a test user. (2) Add the test user to the nopasswdlogin group. (3) Log in to a Unity session using that acocunt. (4) Lock the screen. (5) Attempt to unlock the screen: no password prompt should be presented. [REGRESSION POTENTIAL] Conceivably allowing a login with no authentication could present unexpected vulnerabilities in which unforseen code paths also exercise this function. Care has been taken by the developer to avoid such cases. [OTHER INFO] The fix for Ubuntu 14.04 LTS was cherry picked from the Ubuntu "Vivid Vervet" dev release where it has been in production use for some time without apparent regression. To manage notifications about this bug go to: https://bugs.launchpad.net/unity/+bug/1413790/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
