Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <51C01CC5.9070108@redhat.com>
Date: Tue, 18 Jun 2013 10:39:33 +0200
From: Florian Weimer <fweimer@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: gnome-shell crash, screen unlock on resume

Upstream GNOME recently fixed a bug that could crash gnome-shell 
immediately after resume:

https://bugzilla.gnome.org/show_bug.cgi?id=701974

As noted here, the impact is that after resume, the password entry 
dialog disappears and the user is dropped into the pre-existing X session:

https://bugzilla.redhat.com/show_bug.cgi?id=954054

I haven't figured out the exact trigger conditions, but this has 
happened to me a couple of times since switching to Fedora 19 last 
weekend.  It does not appear to be a once-in-a-blue-moon bug.

I think this needs to be tracked as a security bug because screen 
locking is a security feature (which is part of many security policies).

-- 
Florian Weimer / Red Hat Product Security Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.