*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Eduardo Barretto 


after using Lubuntu for years, I was just giving Xubuntu a try and have
installed a machine with Xubuntu, and was astonished to see confidential
data in my home directory largely on the screen when the computer is


XFCE4 comes with a screensaver that by default picks a random
screensaver art program every time it starts. And one of the programs it
randomly picks is "slideshow", which shows the Pictures from ~/Pictures
on the locked screen, thus revealing confidential screen shots, scans,

What stupid concept is it, to display data from the account on the screen of a 
locked computer?

What's the point in locking the computer then?

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: xfce4-screensaver 4.16.0-1
ProcVersionSignature: Ubuntu 5.15.0-56.62-generic 5.15.64
Uname: Linux 5.15.0-56-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.11-0ubuntu82.3
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: XFCE
Date: Tue Jan  3 08:49:10 2023
InstallationDate: Installed on 2022-12-25 (8 days ago)
InstallationMedia: Xubuntu 22.04.1 LTS "Jammy Jellyfish" - Release amd64 
SourcePackage: xfce4-screensaver
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: xfce4-screensaver (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: amd64 apport-bug jammy
xfce4 screensaver revealing confidential data when computer is locked
You received this bug notification because you are a member of Ubuntu Bugs, 
which is subscribed to the bug report.

ubuntu-bugs mailing list

Reply via email to