gnome-shell: CVE-2019-3820

Related Vulnerabilities: CVE-2019-3820  

Debian Bug report logs - #921490
gnome-shell: CVE-2019-3820

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Wed, 6 Feb 2019 05:03:05 UTC

Severity: important

Tags: security, upstream

Found in version gnome-shell/3.30.2-2

Fixed in version gnome-shell/3.30.2-3

Done: Simon McVittie <smcv@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://gitlab.gnome.org/GNOME/gnome-shell/issues/851



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>:
Bug#921490; Package src:gnome-shell. (Wed, 06 Feb 2019 05:03:07 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>. (Wed, 06 Feb 2019 05:03:08 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: gnome-shell: CVE-2019-3820
Date: Wed, 06 Feb 2019 06:00:08 +0100
Source: gnome-shell
Version: 3.30.2-2
Severity: important
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/gnome-shell/issues/851

Hi,

The following vulnerability was published for gnome-shell.

CVE-2019-3820[0]:
partial lock screen bypass

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-3820
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3820
[1] https://gitlab.gnome.org/GNOME/gnome-shell/issues/851

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Message sent on to Salvatore Bonaccorso <carnil@debian.org>:
Bug#921490. (Wed, 06 Feb 2019 09:51:05 GMT).


Message #8 received at 921490-submitter@bugs.debian.org:

From: Simon McVittie <>
To: 921490-submitter@bugs.debian.org
Subject: Bug #921490 in gnome-shell marked as pending
Date: Wed, 06 Feb 2019 09:47:22 +0000
Control: tag -1 pending

Hello,

Bug #921490 in gnome-shell reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/gnome-team/gnome-shell/commit/a2a9cb368d0dbdae82996484704a7e2552d4a400

------------------------------------------------------------------------
Add patches from upstream to fix partial lock screen bypass (CVE-2019-3820)

Closes: #921490
------------------------------------------------------------------------

(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/921490



Added tag(s) pending. Request was from Simon McVittie <> to 921490-submitter@bugs.debian.org. (Wed, 06 Feb 2019 09:51:05 GMT).


Reply sent to Simon McVittie <smcv@debian.org>:
You have taken responsibility. (Wed, 06 Feb 2019 11:09:11 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 06 Feb 2019 11:09:11 GMT).


Message #15 received at 921490-close@bugs.debian.org:

From: Simon McVittie <smcv@debian.org>
To: 921490-close@bugs.debian.org
Subject: Bug#921490: fixed in gnome-shell 3.30.2-3
Date: Wed, 06 Feb 2019 11:05:06 +0000
Source: gnome-shell
Source-Version: 3.30.2-3

We believe that the bug you reported is fixed in the latest version of
gnome-shell, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 921490@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon McVittie <smcv@debian.org> (supplier of updated gnome-shell package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 06 Feb 2019 09:46:52 +0000
Source: gnome-shell
Architecture: source
Version: 3.30.2-3
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Closes: 921490
Changes:
 gnome-shell (3.30.2-3) unstable; urgency=medium
 .
   * Team upload
   * d/p/ibusManager-Don-t-pass-undefined-callback-to-ibus.patch:
     Mark as applied on upstream gnome-3-30 branch, and reorder earlier
     in the patch series
   * d/p/panel-Don-t-allow-opening-hidden-menus-via-keybindings.patch,
     d/p/shellActionModes-disable-POPUP-keybindings-in-unlock-scre.patch:
     Add patches from upstream to fix partial lock screen bypass
     (CVE-2019-3820, Closes: #921490)
   * Update patch series from gnome-3-30 branch, up to 3.30.2-11-ge23f4d6c7
     - Fix a crash that can happen when locking the screen
     - Fix a critical when an app is closed while its popup menu is open
     - Ignore pointer emulated touch events, fixing unintended double clicks
       in extensions like dash-to-dock
     - Don't close ibus popup window when an entry field changes its input
       purpose
     - Update translations: eu, eo, sk, fr





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 07 Mar 2019 07:37:45 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:50:50 2019; Machine Name: buxtehude
