Secure testing team - May 2011 - Bug#627382: xscreensaver: Fails to lock screen

Package: xscreensaver
Version: 5.13-1
Severity: grave
Tags: security
Justification: user security hole

Hello,

Steps to reproduce:

    1) launch xscreensaver
    2) launch "xscreensaver-command -lock" in another terminal.
    3) The screen starts to turn blank, but returns to normal again
       immediately after turning fully blank.

At this point xscreensaver has exited with the following message:

   
##############################################################################

    xscreensaver: 11:05:19: X Error!  PLEASE REPORT THIS BUG.
    xscreensaver: 11:05:19: screen 0/0: 0xaf, 0x0, 0x1a00001

   
##############################################################################

    X Error of failed request:  BadMatch (invalid parameter attributes)
      Major opcode of failed request:  131 (DPMS)
      Minor opcode of failed request:  6 (DPMSForceLevel)
      Serial number of failed request:  655
      Current serial number in output stream:  656

    #######################################################################

	If at all possible, please re-run xscreensaver with the command
	line arguments `-sync -verbose -log log.txt'', and reproduce this
	bug.  That will cause xscreensaver to dump a `core'' file to the
	current directory.  Please include the stack trace from that core
	file in your bug report.  *DO NOT* mail the core file itself!  That
	won''t work.  A "log.txt" file will also be written.  Please
*do*
	include the complete "log.txt" file with your bug report.

	http://www.jwz.org/xscreensaver/bugs.html explains how to create
	the most useful bug reports, and how to examine core files.

	The more information you can provide, the better.  But please
	report this bug, regardless!

    #######################################################################

When I try to reproduce the problem with "xscreensaver -sync -verbose -log
log.txt",
the screensaver does not exit but is stuck at 100% CPU and not
responding.

It seems they have the same problem in Fedora:

    https://bugzilla.redhat.com/show_bug.cgi?id=703483

Laurent.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, ''unstable''), (500,
''stable''), (1, ''experimental'')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.38-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages xscreensaver depends on:
ii  libatk1.0-0              2.0.0-1         The ATK accessibility toolkit
ii  libc6                    2.13-4          Embedded GNU C Library: Shared lib
ii  libcairo2                1.10.2-6        The Cairo 2D vector graphics libra
ii  libfontconfig1           2.8.0-2.2       generic font configuration library
ii  libfreetype6             2.4.4-1         FreeType 2 font engine, shared lib
ii  libgdk-pixbuf2.0-0       2.23.3-3        GDK Pixbuf library
ii  libglade2-0              1:2.6.4-1       library to load .glade files at ru
ii  libglib2.0-0             2.28.6-1        The GLib library of C routines
ii  libgtk2.0-0              2.24.4-3        The GTK+ graphical user interface 
ii  libice6                  2:1.0.7-1       X11 Inter-Client Exchange library
ii  libpam0g                 1.1.2-3         Pluggable Authentication Modules l
ii  libpango1.0-0            1.28.3-6        Layout and rendering of internatio
ii  libsm6                   2:1.2.0-1       X11 Session Management library
ii  libx11-6                 2:1.4.3-1       X11 client-side library
ii  libxext6                 2:1.3.0-1       X11 miscellaneous extension librar
ii  libxi6                   2:1.4.2-1       X11 Input extension library
ii  libxinerama1             2:1.1.1-1       X11 Xinerama extension library
ii  libxml2                  2.7.8.dfsg-2+b1 GNOME XML library
ii  libxmu6                  2:1.1.0-2       X11 miscellaneous utility library
ii  libxpm4                  1:3.5.9-1       X11 pixmap library
ii  libxrandr2               2:1.3.1-1       X11 RandR extension library
ii  libxrender1              1:0.9.6-1       X Rendering Extension client libra
ii  libxt6                   1:1.1.1-1       X11 toolkit intrinsics library
ii  libxxf86vm1              1:1.1.1-1       X11 XFree86 video mode extension l
ii  xscreensaver-data        5.13-1          data files to be shared among scre

Versions of packages xscreensaver recommends:
ii  libjpeg-progs       8c-1                 Programs for manipulating JPEG fil
ii  perl [perl5]        5.10.1-20            Larry Wall''s Practical
Extraction
ii  wamerican [wordlist 6-3                  American English dictionary words 
ii  xli                 1.17.0+20061110-3+b1 command line tool for viewing imag

Versions of packages xscreensaver suggests:
ii  chromium-browser [w 9.0.597.107~r75357-1 Chromium browser
ii  epiphany-browser [w 2.30.6-2             Intuitive GNOME web browser
pn  fortune             <none>               (no description available)
ii  gdm3                2.30.5-10            Next generation GNOME Display Mana
ii  iceweasel [www-brow 3.5.19-2             Web browser based on Firefox
ii  midori [www-browser 0.3.6-1              fast, lightweight graphical web br
pn  qcam | streamer     <none>               (no description available)
ii  w3m [www-browser]   0.5.3-2+b1           WWW browsable pager with excellent
pn  xdaliclock          <none>               (no description available)
pn  xfishtank           <none>               (no description available)
pn  xscreensaver-gl     <none>               (no description available)

-- no debconf information