Package: xss-lock Version: 0.3.0-5 Severity: normal Tags: upstream When the X screensaver extension cycle time (as in 'xset s TIMEOUT CYCLE') is set to 0 and xss-lock is run with a notification command (the -n option), the locker command is not being run at all when timeout is reached. This of course has some security implications.
This would perhaps not be a big problem, but xfce4-power-manager seems to really want to set the screensaver cycle time to 0 on startup, or whenever the 'Blank after' time is changed on the GUI. I think the correct behaviour in the case of cycle time = 0 would be to run the notification and locker commands one after the other. -- System Information: Debian Release: 9.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 4.9.0-8-686-pae (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages xss-lock depends on: ii libc6 2.24-11+deb9u3 ii libglib2.0-0 2.50.3-2 ii libxcb-screensaver0 1.12-1 ii libxcb-util0 0.3.8-3+b2 ii libxcb1 1.12-1 xss-lock recommends no packages. xss-lock suggests no packages. -- no debconf information
