gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver
before 2.28.1, performs implicit paints on windows of type
GDK_WINDOW_FOREIGN, which triggers an X error in certain
circumstances and consequently allows physically proximate attackers
to bypass screen locking and access an unattended workstation by
pressing the Enter key many times.
Gnome: We still have some older versions in the tree.
Can they be removed? If not, what needs to be done first?
Stablereq already ongoing in bug #304777 afaik, I did some clean up of old ebuilds.
All affected gtk+ revisions have been removed from the tree.
GLSA Vote: yes.
GLSA request filed.
Fixed in 2.18.7 that was stabilized in bug #304777.
This issue was resolved and addressed in
GLSA 201412-08 at http://security.gentoo.org/glsa/glsa-201412-08.xml
by GLSA coordinator Sean Amoss (ackle).