Package: xkb-data
Version: 2.3-2
Severity: grave
Tags: security upstream
Justification: user security hole

As originally reported at:

http://gu1.aeroxteam.fr/2012/01/19/bypass-screensaver-locker-program-xorg-111-and-up/

and further syndicated by:

http://www.phoronix.com/scan.php?page=news_item&px=MTA0NTA

the currently shipping version of this package contains a rather glaring security hole with regards to locking screen savers under X.

Fix seems to be commenting any references to XF86_Ungrab and XF86_ClearGrab, at least for the time being. I'm not sure what the long term fix will be (reintroducing previously removed functionality possibly).

-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (700, 'testing'), (600, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

-- no debconf information
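
A check for the workaround described in the report above, as an added example that is not part of the original report or of the xkb-data package: it lists every line in an XKB data tree that still references XF86_Ungrab or XF86_ClearGrab outside a comment. The function name find_grab_refs is hypothetical, the directory to scan is supplied by the caller, and only `//` is treated as a comment marker (an assumption that errs toward reporting).

```shell
#!/bin/sh
# Added example (not from the bug report or the xkb-data package).
# Usage: sh check-grab-refs.sh DIR
#   DIR is the XKB data directory to audit; /usr/share/X11/xkb is the usual
#   location on Debian, but that path is an assumption and is not hard-coded.

# find_grab_refs DIR
#   Prints "file:line:text" for each line under DIR that mentions
#   XF86_Ungrab or XF86_ClearGrab in the part of the line before any
#   "//" comment marker.
#   Returns 0 if at least one live reference was found,
#           1 if none were found (workaround fully applied),
#           2 on error (DIR missing or scan failed).
find_grab_refs() {
    fgr_dir=$1
    [ -d "$fgr_dir" ] || { echo "not a directory: $fgr_dir" >&2; return 2; }

    fgr_out=$(find "$fgr_dir" -type f -exec awk '
        {
            code = $0
            sub(/\/\/.*/, "", code)      # ignore text after a // comment marker
            if (code ~ /XF86_(Ungrab|ClearGrab)/)
                printf "%s:%d:%s\n", FILENAME, FNR, $0
        }' {} +) || return 2

    [ -n "$fgr_out" ] || return 1
    printf '%s\n' "$fgr_out"
}

# Run the audit only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    find_grab_refs "$1"
fi
```

An exit status of 1 means no uncommented reference remains in the scanned tree; the running X server still has to reload its keymap before the change takes effect.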