Bug#455484: gnome-screensaver: new notify feature allows leaking of the selection & clipboard
Sebastian Dröge
slomo at circular-chaos.org
Tue Dec 11 09:03:01 UTC 2007
forwarded 455484 http://bugzilla.gnome.org/show_bug.cgi?id=503005
thanks
Am Montag, den 10.12.2007, 21:09 +0930 schrieb Paul Wise:
> Package: gnome-screensaver
> Version: 2.20.0-2
> Severity: normal
> Tags: security
>
> With the addition of the feature to send a message to the logged in user
> when they return and unlock a locked session, this gives local attackers
> the ability to read the X selection and clipboard buffers with a middle
> click on the mouse and a Ctrl+V. I note that the box to leave a message
> doesn't have a context menu that you could paste via, but it doesn't go
> far enough.
>
> Filed at severity normal since it isn't a really bad issue. Please
> change the severity as you see fit.
Hi,
thanks for reporting this bug. I've forwarded it upstream:
http://bugzilla.gnome.org/show_bug.cgi?id=503005
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20071211/c0b65233/attachment.pgp
More information about the pkg-gnome-maintainers
mailing list