[Touch-packages] [Bug 1399502] [NEW] Lock screen can lose focus and send keystrokes to some other application
*** This bug is a security vulnerability *** Public security bug reported: I have a user that reported the unity lock screen losing focus and sending keystrokes to the application behind it. This seems similar to https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1358504 but that bug is marked as fixed. In their specific case they were using chrome with google hangouts (using chrome's google hangouts extension: https://chrome.google.com/webstore/detail/hangouts/nckgahadagoaajjgafhacjanaoiihapd?hl=en) when they locked their screen. Upon coming back they typed their password and hit enter, but the screen did not unlock. They had to manually click in the password field and type their password before it would unlock. Upon unlocking they discovered that they had a hangouts window open with a colleague and had sent their password to them (I'm assuming during that first try when the lock screen did not unlock). $ lsb_release -rd Description:Ubuntu 14.04.1 LTS Release:14.04 $ apt-cache policy unity unity: Installed: 7.2.3+14.04.20140826-0ubuntu1.0.1 I'm currently trying to find a way to reproduce this, but haven't managed to yet. ** Affects: unity (Ubuntu) Importance: Undecided Status: New ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unity in Ubuntu. https://bugs.launchpad.net/bugs/1399502 Title: Lock screen can lose focus and send keystrokes to some other application Status in unity package in Ubuntu: New Bug description: I have a user that reported the unity lock screen losing focus and sending keystrokes to the application behind it. This seems similar to https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1358504 but that bug is marked as fixed. In their specific case they were using chrome with google hangouts (using chrome's google hangouts extension: https://chrome.google.com/webstore/detail/hangouts/nckgahadagoaajjgafhacjanaoiihapd?hl=en) when they locked their screen. Upon coming back they typed their password and hit enter, but the screen did not unlock. They had to manually click in the password field and type their password before it would unlock. Upon unlocking they discovered that they had a hangouts window open with a colleague and had sent their password to them (I'm assuming during that first try when the lock screen did not unlock). $ lsb_release -rd Description: Ubuntu 14.04.1 LTS Release: 14.04 $ apt-cache policy unity unity: Installed: 7.2.3+14.04.20140826-0ubuntu1.0.1 I'm currently trying to find a way to reproduce this, but haven't managed to yet. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1399502/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1358504] Re: Screensaver leaks password key-presses through to applications
The machine was rebooted a little over a day ago. I'm pretty certain it had the update well before then. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unity in Ubuntu. https://bugs.launchpad.net/bugs/1358504 Title: Screensaver leaks password key-presses through to applications Status in Unity: Confirmed Status in unity package in Ubuntu: Confirmed Bug description: This is similar to the bug described in: https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1306970 But as that is marked fixed, perhaps this is something different. A few times, I have been unable to enter my password until I had clicked in the top right corner, and back into the password box. I hadn't suspected anything serious, until today when I tried to log in, and eventually got in, seeing that my password had been set to my web browser. In addition, I've also had instances where I've had to enter the password twice, and instances when I've come to the computer and it appeared not to be locked, until I moved the mouse, and the lock screen displayed. ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: unity 7.2.2+14.04.20140714-0ubuntu1.1 ProcVersionSignature: Ubuntu 3.13.0-34.60-generic 3.13.11.4 Uname: Linux 3.13.0-34-generic x86_64 ApportVersion: 2.14.1-0ubuntu3.3 Architecture: amd64 CompizPlugins: No value set for `/apps/compiz-1/general/screen0/options/active_plugins' CurrentDesktop: Unity Date: Mon Aug 18 22:21:21 2014 InstallationDate: Installed on 2014-08-14 (3 days ago) InstallationMedia: Ubuntu 14.04.1 LTS Trusty Tahr - Release amd64 (20140722.2) SourcePackage: unity UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/unity/+bug/1358504/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1399502] Re: Lock screen can lose focus and send keystrokes to some other application
The machine was rebooted a little over a day ago. I'm pretty certain it had the update well before then. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unity in Ubuntu. https://bugs.launchpad.net/bugs/1399502 Title: Lock screen can lose focus and send keystrokes to some other application Status in unity package in Ubuntu: New Bug description: I have a user that reported the unity lock screen losing focus and sending keystrokes to the application behind it. This seems similar to https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1358504 but that bug is marked as fixed. In their specific case they were using chrome with google hangouts (using chrome's google hangouts extension: https://chrome.google.com/webstore/detail/hangouts/nckgahadagoaajjgafhacjanaoiihapd?hl=en) when they locked their screen. Upon coming back they typed their password and hit enter, but the screen did not unlock. They had to manually click in the password field and type their password before it would unlock. Upon unlocking they discovered that they had a hangouts window open with a colleague and had sent their password to them (I'm assuming during that first try when the lock screen did not unlock). $ lsb_release -rd Description: Ubuntu 14.04.1 LTS Release: 14.04 $ apt-cache policy unity unity: Installed: 7.2.3+14.04.20140826-0ubuntu1.0.1 I'm currently trying to find a way to reproduce this, but haven't managed to yet. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1399502/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1358504] Re: Screensaver leaks password key-presses through to applications
Apologies. I was trying to respond to a different bug. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unity in Ubuntu. https://bugs.launchpad.net/bugs/1358504 Title: Screensaver leaks password key-presses through to applications Status in Unity: Confirmed Status in unity package in Ubuntu: Confirmed Bug description: This is similar to the bug described in: https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1306970 But as that is marked fixed, perhaps this is something different. A few times, I have been unable to enter my password until I had clicked in the top right corner, and back into the password box. I hadn't suspected anything serious, until today when I tried to log in, and eventually got in, seeing that my password had been set to my web browser. In addition, I've also had instances where I've had to enter the password twice, and instances when I've come to the computer and it appeared not to be locked, until I moved the mouse, and the lock screen displayed. ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: unity 7.2.2+14.04.20140714-0ubuntu1.1 ProcVersionSignature: Ubuntu 3.13.0-34.60-generic 3.13.11.4 Uname: Linux 3.13.0-34-generic x86_64 ApportVersion: 2.14.1-0ubuntu3.3 Architecture: amd64 CompizPlugins: No value set for `/apps/compiz-1/general/screen0/options/active_plugins' CurrentDesktop: Unity Date: Mon Aug 18 22:21:21 2014 InstallationDate: Installed on 2014-08-14 (3 days ago) InstallationMedia: Ubuntu 14.04.1 LTS Trusty Tahr - Release amd64 (20140722.2) SourcePackage: unity UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/unity/+bug/1358504/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1164083] Re: libreoffice spams stdout with Fontconfig warning: ignoring C.UTF-8: not a valid language tag
Facing the same issue. According to https://bugs.debian.org/cgi- bin/bugreport.cgi?bug=717423 this has been fixed in fontconfig=2.11.0-2 ** Bug watch added: Debian Bug tracker #717423 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717423 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to fontconfig in Ubuntu. https://bugs.launchpad.net/bugs/1164083 Title: libreoffice spams stdout with Fontconfig warning: ignoring C.UTF-8: not a valid language tag Status in “fontconfig” package in Ubuntu: New Bug description: when libreoffice is started from the shell command line, it spams the terminal window with a stream of messages Fontconfig warning: ignoring C.UTF-8: not a valid language tag This message should be reported at most once per libreoffice invocation. ProblemType: Bug DistroRelease: Ubuntu 12.10 Package: fontconfig 2.10.1-0ubuntu3 ProcVersionSignature: Ubuntu 3.5.0-26.42-generic 3.5.7.6 Uname: Linux 3.5.0-26-generic x86_64 ApportVersion: 2.6.1-0ubuntu10 Architecture: amd64 Date: Wed Apr 3 14:22:46 2013 InstallationDate: Installed on 2011-11-01 (519 days ago) InstallationMedia: Ubuntu 11.10 Oneiric Ocelot - Release amd64 (20111012) MarkForUpload: True SourcePackage: fontconfig UpgradeStatus: Upgraded to quantal on 2013-03-21 (12 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/fontconfig/+bug/1164083/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
