Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 316697 (CVE-2010-0732) - <x11-libs/gtk+-2.18.7 Screensaver Bypass (CVE-2010-0732)
Summary: <x11-libs/gtk+-2.18.7 Screensaver Bypass (CVE-2010-0732)
Status: RESOLVED FIXED
Alias: CVE-2010-0732
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B4 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2010-04-22 17:27 UTC by Alex Legler (RETIRED)
Modified: 2014-12-12 00:31 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2010-04-22 17:27:25 UTC
CVE-2010-0732 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0732):
  gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver
  before 2.28.1, performs implicit paints on windows of type
  GDK_WINDOW_FOREIGN, which triggers an X error in certain
  circumstances and consequently allows physically proximate attackers
  to bypass screen locking and access an unattended workstation by
  pressing the Enter key many times.
Comment 1 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2010-04-22 17:28:59 UTC
Gnome: We still have some older versions in the tree.
Can they be removed? If not, what needs to be done first?
Comment 2 Gilles Dartiguelongue gentoo-dev 2010-04-23 09:42:41 UTC
Stablereq already ongoing in bug #304777 afaik, I did some clean up of old ebuilds.
Comment 3 Gilles Dartiguelongue gentoo-dev 2010-10-08 20:02:10 UTC
All affected gtk+ revisions have been removed from the tree.
Comment 4 Tim Sammut (RETIRED) gentoo-dev 2011-01-11 00:30:41 UTC
GLSA Vote: yes.
Comment 5 Stefan Behte (RETIRED) gentoo-dev Security 2011-02-23 23:05:33 UTC
GLSA request filed.
Comment 6 Pacho Ramos gentoo-dev 2014-06-01 13:25:39 UTC
fixed in 2.18.7 that as stabilized in bug #304777
Comment 7 Sean Amoss (RETIRED) gentoo-dev Security 2014-12-12 00:31:20 UTC
This issue was resolved and addressed in
 GLSA 201412-08 at http://security.gentoo.org/glsa/glsa-201412-08.xml
by GLSA coordinator Sean Amoss (ackle).