Debian Bug report logs -
#569667
CVE-2009-4641: allows physically proximate attackers to access an unattended workstation
Reported by: Giuseppe Iuculano <iuculano@debian.org>
Date: Sat, 13 Feb 2010 10:06:02 UTC
Severity: serious
Tags: security
Fixed in version 2.28.0-2
Done: Giuseppe Iuculano <iuculano@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, gpastore@debian.org (Guilherme de S. Pastore)
:
Bug#569667
; Package gnome-screensaver
.
(Sat, 13 Feb 2010 10:06:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Giuseppe Iuculano <iuculano@debian.org>
:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, gpastore@debian.org (Guilherme de S. Pastore)
.
(Sat, 13 Feb 2010 10:06:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: gnome-screensaver
Version: 2.28.2-1
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for gnome-screensaver.
CVE-2009-4641[0]:
| gnome-screensaver 2.28.0 does not resume adherence to its activation
| settings after an inhibiting application becomes unavailable on the
| session bus, which allows physically proximate attackers to access an
| unattended workstation on which screen locking had been intended.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4641
http://security-tracker.debian.org/tracker/CVE-2009-4641
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkt2eRIACgkQNxpp46476aqbhACeNDF0BLFItAXsh7rk6EA/2RxX
M7oAn2XrICAIfQf07JUjnWMUM5lou11F
=HlQu
-----END PGP SIGNATURE-----
Information forwarded
to debian-bugs-dist@lists.debian.org, gpastore@debian.org (Guilherme de S. Pastore)
:
Bug#569667
; Package gnome-screensaver
.
(Mon, 15 Feb 2010 18:12:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Emilio Pozuelo Monfort <pochu@debian.org>
:
Extra info received and forwarded to list. Copy sent to gpastore@debian.org (Guilherme de S. Pastore)
.
(Mon, 15 Feb 2010 18:12:05 GMT) (full text, mbox, link).
Message #10 received at 569667@bugs.debian.org (full text, mbox, reply):
forcemerge 560049 569667
thanks
On 13/02/10 11:04, Giuseppe Iuculano wrote:
> CVE-2009-4641[0]:
> | gnome-screensaver 2.28.0 does not resume adherence to its activation
> | settings after an inhibiting application becomes unavailable on the
> | session bus, which allows physically proximate attackers to access an
> | unattended workstation on which screen locking had been intended.
>
> If you fix the vulnerability please also make sure to include the
> CVE id in your changelog entry.
This is already fixed in unstable, though it doesn't have the CVE in the
changelog entry (we fixed it before the CVE was published).
Emilio
Reply sent
to Giuseppe Iuculano <iuculano@debian.org>
:
You have taken responsibility.
(Tue, 16 Feb 2010 12:54:03 GMT) (full text, mbox, link).
Notification sent
to Giuseppe Iuculano <iuculano@debian.org>
:
Bug acknowledged by developer.
(Tue, 16 Feb 2010 12:54:03 GMT) (full text, mbox, link).
Message #15 received at 569667-done@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Version: 2.28.0-2
[signature.asc (application/pgp-signature, attachment)]
Bug No longer marked as found in versions gnome-screensaver/2.28.2-1.
Request was from Giuseppe Iuculano <iuculano@debian.org>
to control@bugs.debian.org
.
(Sat, 20 Mar 2010 10:42:05 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Mon, 07 Mar 2011 09:39:21 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 16:56:14 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.