[also affects Mint 17] [CVE-2014-1949] cinnamon-screensaver lock bypass (tested on Fedora 20) #44
Comments
Here's the debug output. http://pastebin.com/raw.php?i=7Ldbytmw

[gs_window_real_grab_broken] gs-window-x11.c:1906 (11:43:22): Grab broken on window 260000D keyboard, new grab on window 2600020
That looks relevant.

Hi, we fixed something that could relate to this today. Please re-test with git-latest, it could potentially fix this problem.

I can also reproduce on Mint 17 https://dl.dropboxusercontent.com/u/6907158/cinnamon-20140511-2.webm

This issue is known as CVE-2014-1949 (just to make the search easier).

Any news about this? Thanks for any reply.

I tried to reproduce it on Sid with the latest updates and I was unable to reproduce it (I'm unable to see the menu with the screensaver with the key that shows the menu without the screensaver). Thanks for any reply.

One Debian developer has found that it is fixed in GTK:

See mtwebster@da7af55 for an isolated patch for cinnamon-screensaver, which prevents an un-fixed gtk from ever receiving a popup_menu.

By the way, up until now, I was of the understanding that the 'menu' key being discussed was Cinnamon's menu key, NOT the vestigial context menu key that some keyboards lack today. As a result, many of us were unable to reproduce the issue, and ignored it. An issue as critical as this, *too much* information is *far* preferred over *just enough* - it could have saved us a lot of time.

Here's the fix in GTK: https://mail.gnome.org/archives/commits-list/2014-January/msg03294.html
There's no fix needed in cinnamon-screensaver itself so I'm closing the issue. In Mint this GTK fix is going through Romeo and should be applied in the main repositories in a matter of days.
PS: the "Menu" key for me meant the Super_L key... I didn't understand we were talking about the physical "Properties" key on the keyboard... we could have reproduced and probably fixed that a long time ago :)

I can't reproduce the issue in Mint, so it might be systemd related.
http://seclists.org/oss-sec/2014/q1/327