Source: gnome-shell Version: 3.36.4-1 Severity: important Tags: security upstream Forwarded: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997 X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for gnome-shell. CVE-2020-17489[0]: | An issue was discovered in certain configurations of GNOME gnome-shell | through 3.36.4. When logging out of an account, the password box from | the login dialog reappears with the password still visible. If the | user had decided to have the password shown in cleartext at login | time, it is then visible for a brief moment upon a logout. (If the | password were never shown in cleartext, only the password length is | revealed.) If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-17489 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17489 [1] https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997 [2] https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1377 [3] https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/13137aad9db52223e8b62cecbd3456f4a7f66f04 Please adjust the affected versions in the BTS as needed. Regards, Salvatore