Control: tags 987149 + patch
Control: tags 987149 + pending

Dear maintainer,

I've prepared an NMU for xscreensaver (versioned as 5.45+dfsg1-1.1) and uploaded it to DELAYED/2. Please feel free to tell me if I should delay it longer.

Regards,
Salvatore

diff -Nru xscreensaver-5.45+dfsg1/debian/changelog xscreensaver-5.45+dfsg1/debian/changelog --- xscreensaver-5.45+dfsg1/debian/changelog 2020-12-23 00:09:44.000000000 +0100 +++ xscreensaver-5.45+dfsg1/debian/changelog 2021-06-06 10:28:01.000000000 +0200 @@ -1,3 +1,12 @@ +xscreensaver (5.45+dfsg1-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * Disable setcap call to set cap_net_raw capabilities on sonar binary in + xscreensaver-gl's postinst maintainer script (CVE-2021-31523) + (Closes: #987149) + + -- Salvatore Bonaccorso <car...@debian.org> Sun, 06 Jun 2021 10:28:01 +0200 + xscreensaver (5.45+dfsg1-1) unstable; urgency=low * New upstream release 5.45 diff -Nru xscreensaver-5.45+dfsg1/debian/xscreensaver-gl.postinst xscreensaver-5.45+dfsg1/debian/xscreensaver-gl.postinst --- xscreensaver-5.45+dfsg1/debian/xscreensaver-gl.postinst 2020-12-23 00:09:44.000000000 +0100 +++ xscreensaver-5.45+dfsg1/debian/xscreensaver-gl.postinst 2021-06-06 10:28:01.000000000 +0200 @@ -17,8 +17,9 @@ fi fi -# Apply capabilities to sonar hack so it doesnt need to be setuid root -which setcap > /dev/null && - setcap cap_net_raw=p /usr/libexec/xscreensaver/sonar +# Disabled call until update to 6.00 (Cf. #987149, CVE-2021-31523) +## Apply capabilities to sonar hack so it doesnt need to be setuid root +#which setcap > /dev/null && +# setcap cap_net_raw=p /usr/libexec/xscreensaver/sonar #DEBHELPER#
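
Review bot: nothing in the debian/xscreensaver-gl.postinst hunk clears cap_net_raw from a /usr/libexec/xscreensaver/sonar that an earlier version's postinst already tagged; the change only comments out the setcap call, so the fix relies on the upgrade itself replacing the file without the capability. If that cannot be guaranteed on every upgrade path, consider an explicit removal guarded the same way as the original call, for example "which setcap > /dev/null && setcap -r /usr/libexec/xscreensaver/sonar || true", and note it in the changelog entry. The new comment "Disabled call until update to 6.00" would also be easier to act on later if it said what changes in 6.00 that makes re-enabling safe, since the visible lines give the next maintainer only the bug and CVE numbers to go on.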