Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2009-4641

Source

Debian Bug report logs - #569667
CVE-2009-4641: allows physically proximate attackers to access an unattended workstation

Package: gnome-screensaver; Maintainer for gnome-screensaver is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Source for gnome-screensaver is src:gnome-screensaver (PTS, buildd, popcon).

Reported by: Giuseppe Iuculano <iuculano@debian.org>

Date: Sat, 13 Feb 2010 10:06:02 UTC

Severity: serious

Tags: security

Fixed in version 2.28.0-2

Done: Giuseppe Iuculano <iuculano@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, gpastore@debian.org (Guilherme de S. Pastore):
Bug#569667; Package gnome-screensaver. (Sat, 13 Feb 2010 10:06:05 GMT) (full text, mbox, link).

Acknowledgement sent to Giuseppe Iuculano <iuculano@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, gpastore@debian.org (Guilherme de S. Pastore). (Sat, 13 Feb 2010 10:06:05 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Package: gnome-screensaver
Version: 2.28.2-1
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for gnome-screensaver.

CVE-2009-4641[0]:
| gnome-screensaver 2.28.0 does not resume adherence to its activation
| settings after an inhibiting application becomes unavailable on the
| session bus, which allows physically proximate attackers to access an
| unattended workstation on which screen locking had been intended.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4641
    http://security-tracker.debian.org/tracker/CVE-2009-4641


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkt2eRIACgkQNxpp46476aqbhACeNDF0BLFItAXsh7rk6EA/2RxX
M7oAn2XrICAIfQf07JUjnWMUM5lou11F
=HlQu
-----END PGP SIGNATURE-----

Information forwarded to debian-bugs-dist@lists.debian.org, gpastore@debian.org (Guilherme de S. Pastore):
Bug#569667; Package gnome-screensaver. (Mon, 15 Feb 2010 18:12:05 GMT) (full text, mbox, link).

Acknowledgement sent to Emilio Pozuelo Monfort <pochu@debian.org>:
Extra info received and forwarded to list. Copy sent to gpastore@debian.org (Guilherme de S. Pastore). (Mon, 15 Feb 2010 18:12:05 GMT) (full text, mbox, link).

Message #10 received at 569667@bugs.debian.org (full text, mbox, reply):

forcemerge 560049 569667
thanks

On 13/02/10 11:04, Giuseppe Iuculano wrote:
> CVE-2009-4641[0]:
> | gnome-screensaver 2.28.0 does not resume adherence to its activation
> | settings after an inhibiting application becomes unavailable on the
> | session bus, which allows physically proximate attackers to access an
> | unattended workstation on which screen locking had been intended.
> 
> If you fix the vulnerability please also make sure to include the
> CVE id in your changelog entry.

This is already fixed in unstable, though it doesn't have the CVE in the
changelog entry (we fixed it before the CVE was published).

Emilio

Reply sent to Giuseppe Iuculano <iuculano@debian.org>:
You have taken responsibility. (Tue, 16 Feb 2010 12:54:03 GMT) (full text, mbox, link).

Notification sent to Giuseppe Iuculano <iuculano@debian.org>:
Bug acknowledged by developer. (Tue, 16 Feb 2010 12:54:03 GMT) (full text, mbox, link).

Message #15 received at 569667-done@bugs.debian.org (full text, mbox, reply):

[Message part 1 (text/plain, inline)]

Version: 2.28.0-2

[signature.asc (application/pgp-signature, attachment)]

Bug No longer marked as found in versions gnome-screensaver/2.28.2-1. Request was from Giuseppe Iuculano <iuculano@debian.org> to control@bugs.debian.org. (Sat, 20 Mar 2010 10:42:05 GMT) (full text, mbox, link).

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 07 Mar 2011 09:39:21 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:56:14 2019; Machine Name: beach

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-4641: allows physically proximate attackers to access an unattended workstation

Debian Bug report logs - #569667
CVE-2009-4641: allows physically proximate attackers to access an unattended workstation

Vulmon Search

About

Products

Connect

CVE-2009-4641: allows physically proximate attackers to access an unattended workstation

Debian Bug report logs - #569667 CVE-2009-4641: allows physically proximate attackers to access an unattended workstation

Vulmon Search

About

Products

Connect

Debian Bug report logs - #569667
CVE-2009-4641: allows physically proximate attackers to access an unattended workstation