Bug#737396: kscreensaver: locked screen allows any password if a third session (vt9) is also active

Sun, 02 Feb 2014 05:00:45 -0800 

Package: kscreensaver
Version: 4:4.8.4-5
Justification: causes serious data loss
Severity: critical
Tags: security

Dear Maintainer,

        after activating tree (kde-)sessions on vt7,vt8 and vt9, one of the
sessions does not need having a password entered at the login widget, still, 
it
lets you in.  Which session is affected is not clear, seems to be random.
        Not sure, but it I think even root sessions could be started this way.

Thanks



-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.9-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages kscreensaver depends on:
ii  kde-runtime               4:4.11.3-1
ii  kde-workspace-bin         4:4.11.3-2
ii  libc6                     2.17-97
ii  libgl1-mesa-glx [libgl1]  9.1.3-6
ii  libglu1-mesa [libglu1]    9.0.0-2
ii  libkdecore5               4:4.11.3-2
ii  libkdeui5                 4:4.11.3-2
ii  libkexiv2-10              4:4.8.4-1
ii  libkio5                   4:4.11.3-2
ii  libkparts4                4:4.11.3-2
ii  libkscreensaver5          4:4.11.3-2
ii  libqt4-opengl             4:4.8.4+dfsg-4
ii  libqtcore4                4:4.8.4+dfsg-4
ii  libqtgui4                 4:4.8.4+dfsg-4
ii  libstdc++6                4.8.2-10
ii  libx11-6                  2:1.6.2-1

Versions of packages kscreensaver recommends:
ii  kde-window-manager    4:4.11.3-2
ii  kscreensaver-xsavers  4:4.8.4-5

kscreensaver suggests no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to