Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 263678 (CVE-2008-6514) - <=x11-plugins/compiz-fusion-plugins-main-0.7.8 screensaver bypass (CVE-2008-6514)
Summary: <=x11-plugins/compiz-fusion-plugins-main-0.7.8 screensaver bypass (CVE-2008-6...
Status: RESOLVED FIXED
Alias: CVE-2008-6514
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High trivial (vote)
Assignee: Gentoo Security
URL: http://gitweb.compiz-fusion.org/?p=fu...
Whiteboard: ~2 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2009-03-24 23:37 UTC by Stefan Behte (RETIRED)
Modified: 2009-04-11 21:27 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Behte (RETIRED) gentoo-dev Security 2009-03-24 23:37:18 UTC
CVE-2008-6514 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6514):
  The Expo plugin in Compiz Fusion 0.7.8 allows local users with
  physical access to drag the screen saver aside and access the locked
  desktop by using Expo mouse shortcuts, a related issue to
  CVE-2007-3920.
Comment 1 Jorge Manuel B. S. Vicetto (RETIRED) Gentoo Infrastructure gentoo-dev 2009-03-25 00:25:19 UTC
I'm going to add 0.8.2 asap to the tree.
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2009-03-25 21:05:30 UTC
As it's an easy patch, we could also fix 0.7.8.
Comment 3 Jorge Manuel B. S. Vicetto (RETIRED) Gentoo Infrastructure gentoo-dev 2009-04-03 11:25:20 UTC
I just added compiz-0.8.2 to the tree.
After talking to rbu, I've decided to skip patching 0.7.8. Should we remove 0.7.8 asap?
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2009-04-03 13:05:04 UTC
yep, please remove. closing [noglsa] as this affected ~arch only.
Comment 5 Jorge Manuel B. S. Vicetto (RETIRED) Gentoo Infrastructure gentoo-dev 2009-04-11 21:27:34 UTC
I've now removed compiz-0.7.8 ebuilds from the tree.