Date: Sun, 25 Oct 2015 00:12:38 +0900 From: Mamoru TASAKA <mtasaka@...oraproject.org> To: oss-security@...ts.openwall.com Cc: secalert@...hat.com, Mamoru Tasaka <mtasaka@...oraproject.org> Subject: CVE request: xscreensaver aborts when unpluging second monitor cable when asking password Hello, all: I received a Fedora bug report https://bugzilla.redhat.com/show_bug.cgi?id=1274452 that on XFCE, * using VGA and HDMI dual monitor (for example) * lock the screen with $ xscreensaver-command -lock * move mouse, password dialog appears * during the time password dialog still appears, unplug HDMI cable then xscreensaver abort()s (actually it abort()s, not segv, however I guess it is not important) (at the line 420 in xscreensaver-5.33/driver/subprocs.c) 100% reproducible. This issue is already in public as https://twitter.com/Thaolia/status/656823859304398848 I and the upstream developer already tracked down the cause and the upstream send me a patch, which seems to be working. hopefully the upstream will release the new version soon. Please assign a CVE ID for this. Best regards, Mamoru TASAKA <mtasaka@...oraproject.org>
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.