Date: Sat, 5 Jun 2021 04:03:42 +0200 From: Marek Marczykowski-Górecki <marmarek@...isiblethingslab.com> To: oss-security@...ts.openwall.com Subject: Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock On Sat, Jun 05, 2021 at 02:55:10AM +0200, Marek Marczykowski-Górecki wrote: > The issue affects only XScreenSaver version 5.45. Versions 5.44 and > older, as well as 6.00, are not affected. The XScreenSaver author was > notified about this issue and decided not to publish an advisory, as the > issue does not affect the most recent version. > > The Qubes Security Team has decided to address this issue in Qubes OS by > patching this specific bug rather than immediately upgrading to the 6.00 > version. And here is the patch applied in Qubes OS: https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.