Sorry to be spammy, but you'll also want this other Clutter commit: https://git.gnome.org/browse/clutter/commit/?id=78a3590fd67338b63651fcf935aeeee4254ef1e1
On 11/17/2013 01:57 PM, Joanmarie Diggs wrote: > Already fixed in Clutter: > https://git.gnome.org/browse/clutter/commit/?id=ccea1644ba81593fd19a772048e91909962ef570 > > --joanie > > On 11/15/2013 02:04 PM, Daniel Kahn Gillmor wrote: >> Package: gnome-orca >> Version: 3.4.2-2 >> Severity: normal >> >> Hi Orca folks-- >> >> It looks like the gnome screen-reader reads back every key pressed >> into a password text entry field. If the computer in question has >> public audio enabled, this effectively reads the user's password aloud >> to anyone else in the room. >> >> Most egregiously, this happens in the gdm3 login greeter during >> password entry. This is particularly bad because anyone (without >> authentication) can enable the screen reader for the gdm3 greeter via >> the accessibility menu (see http://bugs.debian.org/689559), and leave >> it that way for the next person who logs in. >> >> I note that sometimes (i haven't been able to track down what the >> difference is), gnome does read each character of the password text as >> "asterisk". that's clumsy, but it's way better from a security point >> of view than the behavior i'm currently seeing (hearing). >> >> To reproduce the problem, i launched a kvm guest with a minimal wheezy >> install, then installed (without Recommends): >> >> xserver-xorg orca gnome-orca pulseaudio pulseaudio-module-x11 xbrlapi >> gnome-mag libbonobo2-bin speech-dispatcher-festival festvox-kallpc16k >> sox sound-icons openbox at-spi2-core desktop-base >> gnome-icon-theme-symbolic >> >> and then, finally: >> >> apt-get install gdm3 >> >> It seems likely that an even more minimalist config could reproduce >> the problem too. >> >> --dkg >> >> -- System Information: >> Debian Release: 7.2 >> APT prefers stable-updates >> APT policy: (500, 'stable-updates'), (500, 'stable') >> Architecture: amd64 (x86_64) >> >> Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core) >> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) >> Shell: /bin/sh linked to /bin/dash >> >> Versions of packages gnome-orca depends on: >> ii gir1.2-gtk-3.0 3.4.2-6 >> ii gir1.2-pango-1.0 1.30.0-1 >> ii gir1.2-wnck-3.0 3.4.2-1 >> ii python 2.7.3-4+deb7u1 >> ii python-brlapi 4.4-10+deb7u1 >> ii python-cairo 1.8.8-1+b2 >> ii python-dbus 1.1.1-1 >> ii python-gi 3.2.2-2 >> ii python-louis 2.4.1-1 >> ii python-pyatspi2 2.5.3+dfsg-3 >> ii python-speechd 0.7.1-6.2 >> ii python-support 1.0.15 >> ii python-xdg 0.19-5 >> ii speech-dispatcher 0.7.1-6.2 >> >> Versions of packages gnome-orca recommends: >> ii gnome-mag 1:0.16.3-1 >> ii wget 1.13.4-3 >> ii xbrlapi 4.4-10+deb7u1 >> >> gnome-orca suggests no packages. >> >> -- no debconf information >> >> > -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
