Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 196980 (CVE-2007-5585) - x11-misc/rss-glx Xscreensaver lock bypass (CVE-2007-5585)
Summary: x11-misc/rss-glx Xscreensaver lock bypass (CVE-2007-5585)
Status: RESOLVED INVALID
Alias: CVE-2007-5585
Product: Gentoo Security
Classification: Unclassified
Component: Auditing (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://secunia.com/advisories/27392/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-10-24 23:54 UTC by Robert Buchholz (RETIRED)
Modified: 2008-02-06 12:06 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2007-10-24 23:54:24 UTC 
CVE-2007-5585 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5585):
  xscreensaver 5.03 and earlier, when running without xscreensaver-gl-extras
  (GL extras) installed, crashes when /usr/bin/xscreensaver-gl-helper does not
  exist and a user attempts to unlock the screen, which allows attackers with
  physical access to gain access to the locked session.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2007-10-24 23:58:23 UTC 
This looks like it does not affect Xscreensaver because when USE=opengl is used, the xscreensaver-gl-helper is installed.

rss-glx also works with kdeartwork-kscreensaver, is this combination affected by the issue at hand?

Desktop-misc and kde, please advise.
Comment 2 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-10-25 07:09:52 UTC 
i would say it does not affect us
Comment 3 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-10-29 21:54:45 UTC 
(In reply to comment #2)
> i would say it does not affect us
> 

desktop-misc/kde, do you confirm? can we close this one as invalid?
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2007-11-14 00:16:56 UTC 
ping, desktop-misc and kde herds?
Comment 5 Samuli Suominen (RETIRED) gentoo-dev 2008-02-06 11:40:46 UTC 
Confirmed. 5.04 fixes this issue, we have a stable bug open for that bug some arches are slacking
Comment 6 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-02-06 12:06:17 UTC 
(In reply to comment #5)
> Confirmed. 
> 
ok, so closing as invalid.

>5.04 fixes this issue, we have a stable bug open for that bug some
> arches are slacking

Since this issue does not affect us, it's not our problem anymore :p