Hi Tormod, On Sun, Apr 18, 2021 at 07:04:37PM +0200, Salvatore Bonaccorso wrote: > Hi Tormod, > > [Adding the team@s.d.o to CC as we do not automatically follow > security tagged bugs] > > On Sun, Apr 18, 2021 at 06:57:53PM +0200, Tormod Volden wrote: > > Indeed, as Jamie points out, the problem is in Mesa. > > > > Salvatore, why did you file this against xscreensaver? I thought you > > had followed the e-mail discussion we had with Tavis? > > Sure I did as I'm on the team alias as well. Given it looks unlikely > that mesa will fix it (at the moment?) I though/think we should > probably do something on xscreensaver's side in Debian as well. > > Is the sonar screensaver frequently used? How about dropping it > instead? Thinking about it in the last hour this raised to be a > possible option to not expose the bug.
Another option would be to extract the needed changes from 6.00 upstream accordingly if the thread in https://www.openwall.com/lists/oss-security/2021/04/17/1 gives us no other solutions. Regards, Salvatore
