Mark Nipper
2012-Jan-19 18:05 UTC
[Secure-testing-team] Bug#656500: xkb-data: XF86_Ungrab and XF86_ClearGrab security hole upstream
Package: xkb-data
Version: 2.3-2
Severity: grave
Tags: security upstream
Justification: user security hole

As originally reported at:
--- http://gu1.aeroxteam.fr/2012/01/19/bypass-screensaver-locker-program-xorg-111-and-up/

and further syndicated by:
--- http://www.phoronix.com/scan.php?page=news_item&px=MTA0NTA

the currently shipping version of this package contains a rather glaring security hole with regards to locking screen savers under X. Fix seems to be commenting any references to XF86_Ungrab and XF86_ClearGrab, at least for the time being. I'm not sure what the long term fix will be (reintroducing previously removed functionality possibly).

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (700, 'testing'), (600, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

-- no debconf information
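
An added example, not part of the original report or of the xkb-data package: a small audit script that lists every reference to XF86_Ungrab or XF86_ClearGrab that is still active (not inside a `//` comment) in a tree of XKB data files, so the workaround described in the report can be verified after it is applied. The function names, the embedded sample and the command-line argument are assumptions made for this example; the directory to scan is supplied by the caller.

```python
import re
import sys
from pathlib import Path

# Keysyms named in the bug report.
GRAB_KEYSYMS = ("XF86_Ungrab", "XF86_ClearGrab")
_PATTERN = re.compile(r"\b(" + "|".join(GRAB_KEYSYMS) + r")\b")


def active_references(xkb_text):
    """Return (line_number, keysym) for each reference outside a // comment."""
    hits = []
    for lineno, line in enumerate(xkb_text.splitlines(), start=1):
        code = line.split("//", 1)[0]  # keep only the text before a line comment
        for match in _PATTERN.finditer(code):
            hits.append((lineno, match.group(1)))
    return hits


def scan_tree(root):
    """Map each file under root to its active references; clean files are omitted."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            hits = active_references(path.read_text(errors="replace"))
            if hits:
                report[str(path)] = hits
    return report


# Constructed sample (not copied from the package): the first block is still
# active, the second has been commented out as the report suggests.
SAMPLE = """\
interpret XF86_Ungrab {
    action = Private(type=0x86, data="Ungrab");
};
// interpret XF86_ClearGrab {
//     action = Private(type=0x86, data="ClsGrb");
// };
"""

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_grab_keysyms.py <directory holding the XKB data files>")
    found = scan_tree(sys.argv[1])
    for name, hits in found.items():
        for lineno, keysym in hits:
            print(f"{name}:{lineno}: active reference to {keysym}")
    sys.exit(1 if found else 0)  # non-zero exit when any active reference remains
```

The script exits non-zero while any active reference remains, so it can gate a configuration-management run or a package post-install check.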