Bug 489218 (CVE-2013-2190)

Summary: <media-libs/clutter-1.14.6: Authentication bypass (CVE-2013-2190)
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: gnome
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B4 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on: 478252, 499954    
Bug Blocks:    

Description GLSAMaker/CVETool Bot gentoo-dev 2013-10-24 00:29:58 UTC
CVE-2013-2190 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2190):
  The translate_hierarchy_event function in x11/clutter-device-manager-xi2.c
  in Clutter, when resuming the system, does not properly handle XIQueryDevice
  errors when a device has "disappeared," which causes the gnome-shell to
  crash and allows physically proximate attackers to access the previous
  gnome-shell session via unspecified vectors.
Comment 1 Chris Reffett (RETIRED) gentoo-dev Security 2013-12-03 01:10:10 UTC
Patch available: https://bug701974.bugzilla-attachments.gnome.org/attachment.cgi?id=246475
Comment 2 Pacho Ramos gentoo-dev 2013-12-04 19:44:28 UTC
This is already fixed in 1.14.6, which is being stabilized in bug 478252
Comment 3 Pacho Ramos gentoo-dev 2014-04-18 12:41:52 UTC
Vulnerable versions were dropped
Comment 4 Pacho Ramos gentoo-dev 2014-06-01 13:29:56 UTC
1.14.6 stabilized in bug 478252 fixes this
Comment 5 Aaron Bauman (RETIRED) gentoo-dev 2016-03-05 08:22:41 UTC
Very old.  Vulnerability mitigated with previous commits and old ebuilds purged.
Comment 6 Aaron Bauman (RETIRED) gentoo-dev 2016-06-21 07:31:51 UTC
GLSA Vote: No