Bug 489218 (CVE-2013-2190) - <media-libs/clutter-1.14.6: Authentication bypass (CVE-2013-2190)
Status: RESOLVED FIXED
Alias: CVE-2013-2190
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B4 [noglsa]
Keywords:
Depends on: gnome-3.8-stable gnome-3.10-stable
Blocks:
 
Reported: 2013-10-24 00:29 UTC by GLSAMaker/CVETool Bot
Modified: 2016-06-21 07:31 UTC

See Also:
Package list:
Runtime testing required: ---


Description GLSAMaker/CVETool Bot gentoo-dev 2013-10-24 00:29:58 UTC
CVE-2013-2190 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2190):
  The translate_hierarchy_event function in x11/clutter-device-manager-xi2.c
  in Clutter, when resuming the system, does not properly handle XIQueryDevice
  errors when a device has "disappeared," which causes the gnome-shell to
  crash and allows physically proximate attackers to access the previous
  gnome-shell session via unspecified vectors.
Comment 1 Chris Reffett (RETIRED) gentoo-dev Security 2013-12-03 01:10:10 UTC
Patch available: https://bug701974.bugzilla-attachments.gnome.org/attachment.cgi?id=246475
Comment 2 Pacho Ramos gentoo-dev 2013-12-04 19:44:28 UTC
This is already fixed in 1.14.6, which is being stabilized in bug 478252
Comment 3 Pacho Ramos gentoo-dev 2014-04-18 12:41:52 UTC
Vulnerable versions were dropped
Comment 4 Pacho Ramos gentoo-dev 2014-06-01 13:29:56 UTC
1.14.6 stabilized in bug 478252 fixes this
Comment 5 Aaron Bauman (RETIRED) gentoo-dev 2016-03-05 08:22:41 UTC
Very old.  Vulnerability mitigated with previous commits and old ebuilds purged.
Comment 6 Aaron Bauman (RETIRED) gentoo-dev 2016-06-21 07:31:51 UTC
GLSA Vote: No