From https://bugzilla.redhat.com/show_bug.cgi?id=867908 : A denial of service flaw was found in the way xlockmore, X screen lock and screen saver, performed passing arguments to underlying localtime() call, when the 'dlock' mode was used. An attacker could use this flaw to potentially obtain unauthorized access to screen / graphical session, previously locked by another user / victim. CVE request (containing also patch proposal): [1] http://www.openwall.com/lists/oss-security/2012/10/17/10
5.41 ... dclock: fix for segmentation violation noticed on NetBSD and now more Y2038 safe thanks to Ignatios Souvatzis <is AT netbsd.org>. ... Arch teams, please test and mark stable: =x11-misc/xlockmore-5.41 Stable KEYWORDS : alpha amd64 hppa ppc ppc64 sparc x86
stable ppc ppc64
amd64 stable
Stable for HPPA.
alpha/sparc/x86 stable
Thanks, everyone. GLSA vote: yes.
Vote: yes, GLSA request created.
This issue was resolved and addressed in GLSA 201309-03 at http://security.gentoo.org/glsa/glsa-201309-03.xml by GLSA coordinator Sergey Popov (pinkbyte).