desktop-packages team mailing list archive

Thread
Date

[Bug 1512931] Re: Additional Distro Versions Vuln to usn-2789-1

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: Marc Deslauriers <marc.deslauriers@xxxxxxxxxxxxx>
Date: Wed, 04 Nov 2015 04:23:19 -0000
Reply-to: Bug 1512931 <1512931@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Yes, we're aware. In Ubuntu 15.04, xscreensaver is in Universe, which
means it is community maintained and doesn't get official security
updates.

** Information type changed from Private Security to Public Security

** Changed in: xscreensaver (Ubuntu)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to xscreensaver in Ubuntu.
https://bugs.launchpad.net/bugs/1512931

Title:
  Additional Distro Versions Vuln to usn-2789-1

Status in xscreensaver package in Ubuntu:
  Incomplete

Bug description:
  Not sure if you're aware, but I'm able to replicate usb-2789-1 on 
  $ cat /etc/lsb-release 
  DISTRIB_ID=Ubuntu
  DISTRIB_RELEASE=15.04
  DISTRIB_CODENAME=vivid
  DISTRIB_DESCRIPTION="Ubuntu 15.04"

  Current release in vivid:
  ||/ Name                   Version          Architecture     Description
  +++-======================-================-================-=================================================
  ii  xscreensaver           5.30-1ubuntu1    amd64            Screensaver daemon and frontend for X11

  
  The bug page only lists 12.04LTS as being vulnerable.

  I was able to reproduce by having a dual screen (desktop) setup, and
  unplugging the *secondary* (as according to display settings), whilst
  the xscreensaver password unlock dialog was open.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xscreensaver/+bug/1512931/+subscriptions