Summary: | <x11-misc/xscreensaver-5.45-r1: screen lock bypass when >=10 video outputs (CVE-2021-34557) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | flow, maintainer-needed, sam, sping |
Priority: | Normal | Flags: | nattka:
sanity-check-
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.openwall.com/lists/oss-security/2021/06/05/1 | ||
Whiteboard: | B4 [noglsa] | ||
Package list: |
x11-misc/xscreensaver-5.45-r1
|
Runtime testing required: | --- |
Description
John Helmert III
2021-06-05 20:23:36 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fbfd1bffe2e7f0c68efb06aa292ed7ebcb796239 commit fbfd1bffe2e7f0c68efb06aa292ed7ebcb796239 Author: Sebastian Pipping <sping@gentoo.org> AuthorDate: 2021-06-11 15:35:34 +0000 Commit: Sebastian Pipping <sping@gentoo.org> CommitDate: 2021-06-11 15:36:08 +0000 x11-misc/xscreensaver: CVE-2021-34557 Bug: https://bugs.gentoo.org/794475 Signed-off-by: Sebastian Pipping <sping@gentoo.org> Package-Manager: Portage-3.0.19, Repoman-3.0.3 .../files/xscreensaver-5.45-cve-2021-34557.patch | 40 +++++ x11-misc/xscreensaver/xscreensaver-5.45-r1.ebuild | 168 +++++++++++++++++++++ 2 files changed, 208 insertions(+) Thank you! Please bump when ready amd64 done arm64 done arm done x86 done ppc done ppc64 stable sparc stable. Maintainer(s), please cleanup. Security, please vote. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b2d720ae5fc226fac1e8ce032c4126984b8c377e commit b2d720ae5fc226fac1e8ce032c4126984b8c377e Author: Sebastian Pipping <sping@gentoo.org> AuthorDate: 2021-06-13 11:42:23 +0000 Commit: Sebastian Pipping <sping@gentoo.org> CommitDate: 2021-06-13 11:42:23 +0000 x11-misc/xscreensaver: Drop vulnerable Bug: https://bugs.gentoo.org/794475 Signed-off-by: Sebastian Pipping <sping@gentoo.org> Package-Manager: Portage-3.0.19, Repoman-3.0.3 x11-misc/xscreensaver/Manifest | 1 - .../files/xscreensaver-5.05-interix.patch | 32 ---- .../xscreensaver/files/xscreensaver-5.44-gcc.patch | 16 -- x11-misc/xscreensaver/xscreensaver-5.44-r4.ebuild | 160 -------------------- x11-misc/xscreensaver/xscreensaver-5.45.ebuild | 167 --------------------- 5 files changed, 376 deletions(-) Unable to check for sanity:
> no match for package: x11-misc/xscreensaver-5.45-r1
Seemingly rather hard to exploit so no need for a GLSA. Closing. |