Debian Bug report logs -
#921490
gnome-shell: CVE-2019-3820
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
:
Bug#921490
; Package src:gnome-shell
.
(Wed, 06 Feb 2019 05:03:07 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
.
(Wed, 06 Feb 2019 05:03:08 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: gnome-shell
Version: 3.30.2-2
Severity: important
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/gnome-shell/issues/851
Hi,
The following vulnerability was published for gnome-shell.
CVE-2019-3820[0]:
partial lock screen bypass
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-3820
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3820
[1] https://gitlab.gnome.org/GNOME/gnome-shell/issues/851
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
Message sent on
to Salvatore Bonaccorso <carnil@debian.org>
:
Bug#921490.
(Wed, 06 Feb 2019 09:51:05 GMT) (full text, mbox, link).
Message #8 received at 921490-submitter@bugs.debian.org (full text, mbox, reply):
Control: tag -1 pending
Hello,
Bug #921490 in gnome-shell reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
https://salsa.debian.org/gnome-team/gnome-shell/commit/a2a9cb368d0dbdae82996484704a7e2552d4a400
------------------------------------------------------------------------
Add patches from upstream to fix partial lock screen bypass (CVE-2019-3820)
Closes: #921490
------------------------------------------------------------------------
(this message was generated automatically)
--
Greetings
https://bugs.debian.org/921490
Added tag(s) pending.
Request was from Simon McVittie <>
to 921490-submitter@bugs.debian.org
.
(Wed, 06 Feb 2019 09:51:05 GMT) (full text, mbox, link).
Reply sent
to Simon McVittie <smcv@debian.org>
:
You have taken responsibility.
(Wed, 06 Feb 2019 11:09:11 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Bug acknowledged by developer.
(Wed, 06 Feb 2019 11:09:11 GMT) (full text, mbox, link).
Message #15 received at 921490-close@bugs.debian.org (full text, mbox, reply):
Source: gnome-shell
Source-Version: 3.30.2-3
We believe that the bug you reported is fixed in the latest version of
gnome-shell, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 921490@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Simon McVittie <smcv@debian.org> (supplier of updated gnome-shell package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 06 Feb 2019 09:46:52 +0000
Source: gnome-shell
Architecture: source
Version: 3.30.2-3
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Closes: 921490
Changes:
gnome-shell (3.30.2-3) unstable; urgency=medium
.
* Team upload
* d/p/ibusManager-Don-t-pass-undefined-callback-to-ibus.patch:
Mark as applied on upstream gnome-3-30 branch, and reorder earlier
in the patch series
* d/p/panel-Don-t-allow-opening-hidden-menus-via-keybindings.patch,
d/p/shellActionModes-disable-POPUP-keybindings-in-unlock-scre.patch:
Add patches from upstream to fix partial lock screen bypass
(CVE-2019-3820, Closes: #921490)
* Update patch series from gnome-3-30 branch, up to 3.30.2-11-ge23f4d6c7
- Fix a crash that can happen when locking the screen
- Fix a critical when an app is closed while its popup menu is open
- Ignore pointer emulated touch events, fixing unintended double clicks
in extensions like dash-to-dock
- Don't close ibus popup window when an entry field changes its input
purpose
- Update translations: eu, eo, sk, fr
Checksums-Sha1:
58f6ffebc3c37d45e7c0030b7a2233432641841d 3331 gnome-shell_3.30.2-3.dsc
416a08db5836f46958f00e5d4d12f0116a660bd0 50436 gnome-shell_3.30.2-3.debian.tar.xz
c5a0fad1d0ddb24529705d5950858fcf472ddc65 19169 gnome-shell_3.30.2-3_source.buildinfo
Checksums-Sha256:
92e3e30f54382a5363895f72dcdd97eef896d4887e7b021a00d2926f4973d3e9 3331 gnome-shell_3.30.2-3.dsc
67e245b5d2ad739165e6d72599e393da769469974c9e829c3bece2c95b49a488 50436 gnome-shell_3.30.2-3.debian.tar.xz
b4cdd69430f43103ca704c17594f81f64b67d3ab41515760c11640319d8439c7 19169 gnome-shell_3.30.2-3_source.buildinfo
Files:
c5c112e0013d5d65ee95d6dc6b9ee407 3331 gnome optional gnome-shell_3.30.2-3.dsc
a1827dbf8be56a40816804f7254d4c52 50436 gnome optional gnome-shell_3.30.2-3.debian.tar.xz
1d4ec526ae9ca0c1907564d0ef2ae345 19169 gnome optional gnome-shell_3.30.2-3_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAlxau5YACgkQ4FrhR4+B
TE96ohAAoUujJoKTzdSgOAol19PJgUR2O+q/sC97Jf9Wfr9Kauvy75rA05lVBHEj
NWdsj7uqy0qPvH7Gd7UFy9BiDHxiqz+cT6T+IOWp0PlHUamBJWDQ8QLlnUA77PhP
9e6F/N3DwoYyv4ghR0lUAM//T//91TZz0WIWz3a4IU1z7rJBQ/SUDCRw6zY9trYf
GOCbotD1p2ASkwSpN1ylMeEAsA9o6C9436IIBzFX9pWw5c39UjOWKrFdg+FFz2xS
tI1wmiOwdrkG5V/t+uhTvK9IpkEUE5cblD+x8GA4jcEBG/pOyFUcbYB4xIjvlG28
bNAdjBTbn2yeD+MU23h9yTTZISx6iVbHlC2VAqXqJAMouFikVrJGwBBwEH3ddrG3
A/QrstpDGdAy8LlCFcAUacJdPrcsXwv7ZoS0Bzxc2daT0KYXpjz8yttwK61PvaP+
Dc8NfXnXmZMIbtxroJsOY2RjaXvUhpRnuVjOZfpYQvidviYYOzsFOEaH2Ydp9AL/
hvOsFZTjELKhSYVEZmxIOOIh4fQE2yuIKTmUt2EpApl7XSdUvPUG1DxOkya/NblX
CA72kc+nW+dIwhgX1QxT9vxtEkWpxAryLVIB3S47bqw3w3e9AH2xyBa0YSSBFaVU
KQ8J62E2jhkcQbhKhLRpI7YqRdjH42zwNK5Ga/Wyd0i2/+c2z/o=
=3lGQ
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Thu, 07 Mar 2019 07:37:45 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 13:50:50 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.