Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YLrbf2Yirc4LuA16@mail-itl>
Date: Sat, 5 Jun 2021 04:03:42 +0200
From: Marek Marczykowski-Górecki <marmarek@...isiblethingslab.com>
To: oss-security@...ts.openwall.com
Subject: Re: XScreenSaver 5.45: Disconnecting a video output can cause
 XScreenSaver to crash and unlock

On Sat, Jun 05, 2021 at 02:55:10AM +0200, Marek Marczykowski-Górecki wrote:
> The issue affects only XScreenSaver version 5.45. Versions 5.44 and
> older, as well as 6.00, are not affected. The XScreenSaver author was
> notified about this issue and decided not to publish an advisory, as the
> issue does not affect the most recent version.
> 
> The Qubes Security Team has decided to address this issue in Qubes OS by
> patching this specific bug rather than immediately upgrading to the 6.00
> version.

And here is the patch applied in Qubes OS:
https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab

Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.