Date: Sat, 5 Jun 2021 04:03:42 +0200 From: Marek Marczykowski-Górecki <marmarek@...isiblethingslab.com> To: oss-security@...ts.openwall.com Subject: Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock On Sat, Jun 05, 2021 at 02:55:10AM +0200, Marek Marczykowski-Górecki wrote: > The issue affects only XScreenSaver version 5.45. Versions 5.44 and > older, as well as 6.00, are not affected. The XScreenSaver author was > notified about this issue and decided not to publish an advisory, as the > issue does not affect the most recent version. > > The Qubes Security Team has decided to address this issue in Qubes OS by > patching this specific bug rather than immediately upgrading to the 6.00 > version. And here is the patch applied in Qubes OS: https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.