Summary: | <app-accessibility/caribou-0.4.21-r2: Screensaver lock bypass | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | minor | CC: | filakhtov, proxy-maint, sparky, vovan |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/linuxmint/cinnamon-screensaver/issues/354 | ||
See Also: | https://github.com/gentoo/gentoo/pull/19082 https://github.com/gentoo/gentoo/pull/19287 | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2c7cf52b42ecfc82e17986f1c026a54be3c900f6

commit 2c7cf52b42ecfc82e17986f1c026a54be3c900f6
Author: Matthew S. Turnbull <sparky@bluefang-logic.com>
AuthorDate: 2021-01-16 20:52:07 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2021-01-23 03:44:44 +0000

app-accessibility/caribou: Fix crash due to xserver CVE fix

xorg-server 1.20.10 contains a fix for CVE-2020-25712. This causes a previous work-around in caribou to result in a BadLength error, when interacting with XKB, and crashes the hosting application.

Fixes provided by Cinnamon upstream from Fedora RPM: https://src.fedoraproject.org/rpms/caribou/tree/master

This also includes an upstreamed antler fix and bumps PYTHON_COMPAT for 3.9 support.

Bug: https://bugs.gentoo.org/765661
Package-Manager: Portage-3.0.12, Repoman-3.0.2
Signed-off-by: Matthew S. Turnbull <sparky@bluefang-logic.com>
Closes: https://github.com/gentoo/gentoo/pull/19082
Signed-off-by: Sam James <sam@gentoo.org>

app-accessibility/caribou/caribou-0.4.21-r2.ebuild | 103 +++++++++++++++++++++
.../files/caribou-fix-antler-style-css.patch | 26 ++++++
.../files/caribou-fix-compilation-error.patch | 25 +++++
.../caribou/files/caribou-fix-subkey-popmenu.patch | 32 +++++++
.../files/caribou-fix-xadapter-xkb-calls.patch | 46 +++++++++
5 files changed, 232 insertions(+)

We'll give it a little bit of time (until later today) then kick it off for stabling?

Unable to check for sanity:
> no match for package: gnome-extra/cinnamon-screensaver-0.4.21-r2
Let's go!

amd64 done

x86 done

all arches done

Please cleanup, thanks!

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=be71a794e927aa8dc8acf3cb4c163f883b0e504b

commit be71a794e927aa8dc8acf3cb4c163f883b0e504b
Author: Matthew S. Turnbull <sparky@bluefang-logic.com>
AuthorDate: 2021-02-01 16:02:54 +0000
Commit: Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-02-02 13:07:12 +0000

app-accessibility/caribou: Remove unpatched ebuild

Bug: https://bugs.gentoo.org/765661
Package-Manager: Portage-3.0.13, Repoman-3.0.2
Signed-off-by: Matthew S. Turnbull <sparky@bluefang-logic.com>
Closes: https://github.com/gentoo/gentoo/pull/19287
Signed-off-by: Joonas Niilola <juippis@gentoo.org>

app-accessibility/caribou/caribou-0.4.21-r1.ebuild | 95 ----------------------
1 file changed, 95 deletions(-)

This regression is not a security bug, therefore closing as invalid.

(In reply to Thomas Deutschmann from comment #9)
> This regression is not a security bug, therefore closing as invalid.

Can you explain your reasoning please? It seems like this affects cinnamon-screensaver because it uses the accessibility tech from caribou?