CVE-2014-1949 was assigned to cinnamon-screensaver. The fix for this issue actually lies in gtk+3.0, in the following commit:
https://git.gnome.org/browse/gtk+/commit/?id=1691bb741d50c90ee938f0b73fe81b0ca9bfd6d4 gtk+3.0 is already fixed in utopic, and we only have connamon- screensaver in utopic. Hence, this issue doesn't have a security impact in trusty. If you would like this fixed in the gtk+3.0 package in trusty, it will need to be done through the SRU process just like other bug fixes. Please see the following for the procedure: https://wiki.ubuntu.com/StableReleaseUpdates ** Also affects: gtk+3.0 (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: gtk+3.0 (Ubuntu Utopic) Importance: Undecided Status: New ** Changed in: gtk+3.0 (Ubuntu Utopic) Status: New => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-1949 ** Changed in: gtk+3.0 (Ubuntu Trusty) Status: New => Confirmed ** Information type changed from Public Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1366790 Title: Fix for CVE-2014-1949 (GTK 3.10.x) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gtk+3.0/+bug/1366790/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
