Date: Sun, 25 Oct 2015 00:12:38 +0900 From: Mamoru TASAKA <mtasaka@...oraproject.org> To: oss-security@...ts.openwall.com Cc: secalert@...hat.com, Mamoru Tasaka <mtasaka@...oraproject.org> Subject: CVE request: xscreensaver aborts when unpluging second monitor cable when asking password Hello, all: I received a Fedora bug report https://bugzilla.redhat.com/show_bug.cgi?id=1274452 that on XFCE, * using VGA and HDMI dual monitor (for example) * lock the screen with $ xscreensaver-command -lock * move mouse, password dialog appears * during the time password dialog still appears, unplug HDMI cable then xscreensaver abort()s (actually it abort()s, not segv, however I guess it is not important) (at the line 420 in xscreensaver-5.33/driver/subprocs.c) 100% reproducible. This issue is already in public as https://twitter.com/Thaolia/status/656823859304398848 I and the upstream developer already tracked down the cause and the upstream send me a patch, which seems to be working. hopefully the upstream will release the new version soon. Please assign a CVE ID for this. Best regards, Mamoru TASAKA <mtasaka@...oraproject.org>
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ