Michal Suchanek
2011-Jun-02 11:57 UTC
[Secure-testing-team] Bug#628917: xscreensaver exits
Package: xscreensaver Version: 5.11-1+b1 Severity: grave Tags: security Justification: user security hole I guess I am experiencing the bug just fixed in unstable on Squeeze: I have this in my .xsession-errors: xscreensaver-command: activating and locking. xscreensaver-command: activating and locking. xscreensaver-command: activating and locking. xscreensaver-command: no screensaver is running on display :0.0 xscreensaver-command: no screensaver is running on display :0.0 meaning that there was no xscreensawer last time I tried to lock the screen. If you rely on xscreensaver to lock your machine then this causes a security hole. I did nothing to terminate xscreensaver and I do not have any logs of it crashing. I am going to upgrade to 5.14 now. -- System Information: Debian Release: 6.0.1 APT prefers stable APT policy: (900, ''stable''), (510, ''unstable''), (500, ''testing''), (200, ''experimental''), (111, ''oldstable''), (107, ''natty'') Architecture: amd64 (x86_64) Kernel: Linux 2.6.38-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages xscreensaver depends on: ii libatk1.0-0 1.30.0-1 The ATK accessibility toolkit ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib ii libcairo2 1.10.2-6 The Cairo 2D vector graphics libra ii libfontconfig1 2.8.0-2.1 generic font configuration library ii libfreetype6 2.4.2-2.1 FreeType 2 font engine, shared lib ii libglade2-0 1:2.6.4-1 library to load .glade files at ru ii libglib2.0-0 2.28.6-1 The GLib library of C routines ii libgtk2.0-0 2.24.4-3 The GTK+ graphical user interface ii libice6 2:1.0.6-2 X11 Inter-Client Exchange library ii libpam0g 1.1.1-6.1 Pluggable Authentication Modules l ii libpango1.0-0 1.28.3-6 Layout and rendering of internatio ii libsm6 2:1.1.1-1 X11 Session Management library ii libx11-6 2:1.3.3-4 X11 client-side library ii libxext6 2:1.1.2-1 X11 miscellaneous extension librar ii libxinerama1 2:1.1-3 X11 Xinerama extension library ii libxml2 2.7.8.dfsg-2 GNOME XML library ii libxmu6 2:1.0.5-2 X11 miscellaneous utility library ii libxpm4 1:3.5.8-1 X11 pixmap library ii libxrandr2 2:1.3.0-3 X11 RandR extension library ii libxrender1 1:0.9.6-1 X Rendering Extension client libra ii libxt6 1:1.0.7-1 X11 toolkit intrinsics library ii libxxf86vm1 1:1.1.0-2 X11 XFree86 video mode extension l ii xscreensaver-data 5.11-1+b1 data files to be shared among scre Versions of packages xscreensaver recommends: ii libjpeg-progs 8b-1 Programs for manipulating JPEG fil ii perl [perl5] 5.10.1-17 Larry Wall''s Practical Extraction ii wamerican [wordlist 6-3 American English dictionary words ii xli 1.17.0+20061110-3+b1 command line tool for viewing imag Versions of packages xscreensaver suggests: ii 0.12~pre5-2 advanced text-mode WWW browser ii 7.0~a1~hg20110531r7037 Safe and easy web browser from Moz pn <none> (no description available) ii 3.6.17-1 Web browser based on Firefox ii 2.8.8dev.5-1 Text-mode WWW Browser with NLS sup ii 0.2.4-3 fast, lightweight graphical web br pn <none> (no description available) ii 0.5.2-9 WWW browsable pager with excellent pn <none> (no description available) pn <none> (no description available) ii 5.11-1+b1 GL(Mesa) screen hacks for xscreens -- no debconf information