** Description changed: - Please see: + [Impact] + Users running gnome-screensaver or cinnamon-screensaver may get their lock screen bypassed by users pressing the menu key before the password prompt turns up. + [Testcase] + Start GNOME or any other desktop running gnome-screensaver. Open a terminal. Lock the screen. Before pressing any other key, press the menu key on the keyboard. + + Results: + * Without this patch: the menu comes up and after that the terminal, being the window that had focus before the lock, receives all keyboard input. It's very hard to get the input to go to the password field. + * With this patch: the password prompt comes up and has focus. Any keys pressed go to the password field. + + [Regression potential] + The patch removes one function from gtk-window (popup-menu) that was only present for a short time. It's already been removed in the gtk version present in Utopic. It's very unlikely that any other issues will come up because of this. + + [More info] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759145 + https://bugzilla.redhat.com/show_bug.cgi?id=1064695 + https://mail.gnome.org/archives/commits-list/2014-January/msg03294.html + https://github.com/linuxmint/cinnamon-screensaver/issues/44
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1366790 Title: Fix for CVE-2014-1949 (GTK 3.10.x) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gtk+3.0/+bug/1366790/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
