Thank you for your report, Ian. > Package: libpam-rsa > Version: 0.8-9-2.4 > Tags: security > > * What led up to the situation? > 1. I manually locked my screen using xscreensaver-command -lock. > 2. I moved the pointer, causing the xscreensaver password screen to appear. > 3. I moved the pointer some more and waited for the timeout to expire. > > * What was the outcome of this action? > xscreensaver crashed with a segfault, and the screen was unlocked, > including a root shell window. > > This is very repeatable. It may be relevant that I use libpam-rsa > instead of the normal pam-unix for login.
Is it possible to reproduce that xscreensaver crash also without libpam-rsa module being used? (when using pam-unix login alternative with the same scenario) Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team > > -- > Ian Zimmerman > gpg public key: 1024D/C6FF61AD > fingerprint: 66DC D68F 5C1B 4D71 2EE5 BD03 8A00 786C C6FF 61AD > http://www.gravatar.com/avatar/c66875cda51109f76c6312f4d4743d1e.png > Rule 420: All persons more than eight miles high to leave the court -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org