| Summary: | gnome-extra/gnome-screensaver-2.20.0 Allows unauthorized disclosure of information (CVE-2007-6389) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Lars Hartmann <lars> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | gnome |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://bugzilla.gnome.org/show_bug.cgi?id=482159 | ||
| Whiteboard: | B4 [noglsa] | ||
| Package list: | Runtime testing required: | --- | |
|
Description
Lars Hartmann
2007-12-18 07:25:02 UTC
The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 might allow local users to read the clipboard contents and X selection data for a locked session by using ctrl-V. There are patches available here, but I have to agree with the last comments on the GNOME bug that clearing without restoring might not be expected behavior. dito, applying this patches would be a fault imo. This would cause many bugreports about problems with the clipboard Setting to upstream status until we have a proper patch. CCing maintainers... Do we need to do anything? It seems upstream went with data loss and is seeing if someone cares about the clipboard data loss Mart, thanks for getting back on this bug. This thing is stable, so we're here for GLSA decision. I tend to vote yes. I tend to vote NO. I vote NO. reverting to NO then, closing. |