Impact: XScreenSaver is the default screen locker in dom0. It tracks which video outputs are connected to the system in order to blank them properly. In some specific hardware configurations, disconnecting an output can cause XScreenSaver to crash, leaving the screen unlocked. The issue affects XScreenSaver 5.45 only. Qubes applies a patch: https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fbfd1bffe2e7f0c68efb06aa292ed7ebcb796239

commit fbfd1bffe2e7f0c68efb06aa292ed7ebcb796239
Author:     Sebastian Pipping <sping@gentoo.org>
AuthorDate: 2021-06-11 15:35:34 +0000
Commit:     Sebastian Pipping <sping@gentoo.org>
CommitDate: 2021-06-11 15:36:08 +0000

    x11-misc/xscreensaver: CVE-2021-34557

    Bug: https://bugs.gentoo.org/794475
    Signed-off-by: Sebastian Pipping <sping@gentoo.org>
    Package-Manager: Portage-3.0.19, Repoman-3.0.3

 .../files/xscreensaver-5.45-cve-2021-34557.patch  |  40 +++++
 x11-misc/xscreensaver/xscreensaver-5.45-r1.ebuild | 168 +++++++++++++++++++++
 2 files changed, 208 insertions(+)
Thank you! Please bump when ready
amd64 done
arm64 done
arm done
x86 done
ppc done
ppc64 stable
sparc stable. Maintainer(s), please cleanup. Security, please vote.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b2d720ae5fc226fac1e8ce032c4126984b8c377e

commit b2d720ae5fc226fac1e8ce032c4126984b8c377e
Author:     Sebastian Pipping <sping@gentoo.org>
AuthorDate: 2021-06-13 11:42:23 +0000
Commit:     Sebastian Pipping <sping@gentoo.org>
CommitDate: 2021-06-13 11:42:23 +0000

    x11-misc/xscreensaver: Drop vulnerable

    Bug: https://bugs.gentoo.org/794475
    Signed-off-by: Sebastian Pipping <sping@gentoo.org>
    Package-Manager: Portage-3.0.19, Repoman-3.0.3

 x11-misc/xscreensaver/Manifest                     |   1 -
 .../files/xscreensaver-5.05-interix.patch          |  32 ----
 .../xscreensaver/files/xscreensaver-5.44-gcc.patch |  16 --
 x11-misc/xscreensaver/xscreensaver-5.44-r4.ebuild  | 160 --------------------
 x11-misc/xscreensaver/xscreensaver-5.45.ebuild     | 167 ---------------------
 5 files changed, 376 deletions(-)
Unable to check for sanity:

> no match for package: x11-misc/xscreensaver-5.45-r1
Seemingly rather hard to exploit so no need for a GLSA. Closing.