Your message dated Fri, 05 Mar 2004 16:41:44 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Fixed in KDE 3.2, which just entered unstable
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 2 Jan 2004 05:41:37 +0000
>From [EMAIL PROTECTED] Thu Jan 01 23:41:28 2004
Return-path: <[EMAIL PROTECTED]>
Received: from aoi.dyndns.org [69.17.34.240]
by master.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1AcHqe-0005UL-00; Thu, 01 Jan 2004 23:27:49 -0600
Received: by aoi.dyndns.org (Postfix, from userid 1001)
id 80F98BE400C; Thu, 1 Jan 2004 21:27:48 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Alexander Hvostov <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: kscreensaver: XFree86 server flags
AllowDeactivateGrabs/AllowClosedownGrabs
cause security breach.
X-Mailer: reportbug 2.37
Date: Thu, 01 Jan 2004 21:27:48 -0800
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin
2.60-master.debian.org_2003_11_25-bugs.debian.org_2003_12_29
(1.212-2003-09-23-exp) on master.debian.org
X-Spam-Status: No, hits=-5.0 required=4.0 tests=HAS_PACKAGE autolearn=no
version=2.60-master.debian.org_2003_11_25-bugs.debian.org_2003_12_29
X-Spam-Level:
Package: kscreensaver
Version: 4:3.1.4-2
Severity: normal
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
'kscreensaver' does not properly deal with the XFree86 server options
AllowDeactivateGrabs and AllowClosedownGrabs. Invoking the key combinations
enabled by these options allows one to bypass kscreensaver's locking of the
display, causing a breach of security. Therefore, these options cannot safely
be used with kscreensaver when locking of the display is required. Apparently
there is an API for dealing with this; please see #225762.
- -- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux cornerstone 2.6.0 #16 Sat Dec 27 15:15:08 PST 2003 i686
Locale: LANG=en_US, LC_CTYPE=en_US
Versions of packages kscreensaver depends on:
ii kdelibs4 4:3.1.4-3 KDE core libraries
ii libart-2.0-2 2.3.16-1 Library of functions for 2D graphi
ii libaudio2 1.6a-1 The Network Audio System (NAS). (s
ii libc6 2.3.2.ds1-10 GNU C Library: Shared libraries an
ii libfam0c102 2.6.10-6 client library to control the FAM
ii libfontconfig1 2.2.1-13 generic font configuration library
ii libfreetype6 2.1.7-1 FreeType 2 font engine, shared lib
ii libgcc1 1:3.3.3-0pre1 GCC support library
ii libpng12-0 1.2.5.0-4 PNG library - runtime
ii libqt3c102-mt 3:3.2.1-6 Qt GUI Library (Threaded runtime v
ii libstdc++5 1:3.3.3-0pre1 The GNU Standard C++ Library v3
ii libxcursor1 1.0.2-2 X Cursor management library
ii libxft2 2.1.2-5 FreeType-based font drawing librar
ii libxrender1 0.8.3-5 X Rendering Extension client libra
ii xlibmesa3-gl [libgl1] 4.2.1-14 Mesa 3D graphics library [XFree86]
ii xlibmesa3-glu [libglu1] 4.2.1-14 Mesa OpenGL utility library [XFree
ii xlibs 4.2.1-14 X Window System client libraries
ii zlib1g 1:1.2.1-3 compression library - runtime
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/9QFUtHQW4HWNftkRAk/0AJ456H8kdb3DLVupcp83/GWh0kcwVgCfb924
Krsq0aXTGrfYYXyhJDYzQL0=
=Pm1f
-----END PGP SIGNATURE-----
---------------------------------------
Received: (at 225866-close) by bugs.debian.org; 5 Mar 2004 15:41:12 +0000
>From [EMAIL PROTECTED] Fri Mar 05 07:41:11 2004
Return-path: <[EMAIL PROTECTED]>
Received: from nibbel.kulnet.kuleuven.ac.be [134.58.240.41]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1AzHRn-0003kL-00; Fri, 05 Mar 2004 07:41:11 -0800
Received: from localhost (localhost [127.0.0.1])
by nibbel.kulnet.kuleuven.ac.be (Postfix) with ESMTP
id B960E4B861; Fri, 5 Mar 2004 16:40:32 +0100 (CET)
Received: from antonius.kulnet.kuleuven.ac.be (antonius.kulnet.kuleuven.ac.be
[134.58.240.73])
by nibbel.kulnet.kuleuven.ac.be (Postfix) with ESMTP
id 19FCB4BAC4; Fri, 5 Mar 2004 16:40:32 +0100 (CET)
Received: from appel (domi.kotnet.org [10.0.57.168])
by antonius.kulnet.kuleuven.ac.be (Postfix) with ESMTP
id E3F6E4C0D1; Fri, 5 Mar 2004 16:40:31 +0100 (CET)
Received: from domi by appel with local (Exim 3.36 #1 (Debian))
id 1AzHSK-0002af-00; Fri, 05 Mar 2004 16:41:44 +0100
To: [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED]
Subject: Fixed in KDE 3.2, which just entered unstable
From: Dominique Devriese <[EMAIL PROTECTED]>
Date: Fri, 05 Mar 2004 16:41:44 +0100
Message-ID: <[EMAIL PROTECTED]>
User-Agent: Gnus/5.1006 (Gnus v5.10.6) XEmacs/21.4 (Security Through
Obscurity, linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: Dominique Devriese <[EMAIL PROTECTED]>
X-Virus-Scanned: by KULeuven Antivirus Cluster
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_05
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=0.0 required=4.0 tests=none autolearn=no
version=2.60-bugs.debian.org_2004_03_05
X-Spam-Level:
Closing 29 bugs that have been fixed upstream in KDE 3.2, which was
just uploaded to unstable.
cheers
domi
