dx-packages team mailing list archive
-
dx-packages team
-
Mailing list archive
-
Message #14740
[Bug 1313885] Re: lock screen bypass
This bug was fixed in the package unity -
7.2.0+14.04.20140423-0ubuntu1.1
---------------
unity (7.2.0+14.04.20140423-0ubuntu1.1) trusty-security; urgency=medium
* SECURITY UPDATE: lock screen bypass (LP: #1313885)
- debian/patches/lp1313885.patch: improve lockscreen logic in
lockscreen/LockScreenController.cpp, lockscreen/LockScreenShield.*,
plugins/unityshell/src/unityshell.*.
-- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx> Mon, 28 Apr 2014 22:29:13 -0400
** Changed in: unity (Ubuntu Utopic)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of DX
Packages, which is subscribed to unity in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/1313885
Title:
lock screen bypass
Status in Unity:
In Progress
Status in “unity” package in Ubuntu:
Fix Released
Status in “unity” source package in Trusty:
Fix Released
Status in “unity” source package in Utopic:
Fix Released
Bug description:
I found a bug allowing a user to bypass the new lock screen of Ubuntu
14.04
1 - When the screen is locked just right click multiple times on the indicator bar (for example on the battery indicator), then shortcuts are available.
2 - Press ALT+F2
3 - you can execute the command you whant on behalf of the logged user.
Here is a video demonstrating this bug :
http://www.youtube.com/watch?v=d4UUB0sI5Fc
lsb_release -rd
Description: Ubuntu 14.04 LTS
Release: 14.04
Ubuntu version updated the 04/28/2014
apt-cache policy unity
unity:
Installed: 7.2.0+14.04.20140416-0ubuntu1
Candidate: 7.2.0+14.04.20140416-0ubuntu1
Version table:
*** 7.2.0+14.04.20140416-0ubuntu1 0
500 http://fr.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
100 /var/lib/dpkg/status
To manage notifications about this bug go to:
https://bugs.launchpad.net/unity/+bug/1313885/+subscriptions
References
