CVE-2014-1949 was assigned to cinnamon-screensaver. The fix for this issue actually lies in gtk+3.0, in the following commit:
https://git.gnome.org/browse/gtk+/commit/?id=1691bb741d50c90ee938f0b73fe81b0ca9bfd6d4 gtk+3.0 is already fixed in utopic, and we only have connamon- screensaver in utopic. Hence, this issue doesn't have a security impact in trusty. If you would like this fixed in the gtk+3.0 package in trusty, it will need to be done through the SRU process just like other bug fixes. Please see the following for the procedure: https://wiki.ubuntu.com/StableReleaseUpdates ** Also affects: gtk+3.0 (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: gtk+3.0 (Ubuntu Utopic) Importance: Undecided Status: New ** Changed in: gtk+3.0 (Ubuntu Utopic) Status: New => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-1949 ** Changed in: gtk+3.0 (Ubuntu Trusty) Status: New => Confirmed ** Information type changed from Public Security to Public -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gtk+3.0 in Ubuntu. https://bugs.launchpad.net/bugs/1366790 Title: Fix for CVE-2014-1949 (GTK 3.10.x) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gtk+3.0/+bug/1366790/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
