Bug#1052067: gnome-shell: CVE-2023-43090: screenshot tool allows viewing open windows when session is locked

Salvatore Bonaccorso carnil at debian.org
Sun Sep 17 15:49:59 BST 2023


Hi Simon,

On Sun, Sep 17, 2023 at 03:12:00PM +0100, Simon McVittie wrote:
> On Sat, 16 Sep 2023 at 22:53:55 +0200, Salvatore Bonaccorso wrote:
> > The following vulnerability was published for gnome-shell.
> > 
> > CVE-2023-43090[0]:
> > | Screenshot tool allows viewing open windows when session is locked
> 
> Thank you for reporting this. I'm preparing a 44.5 upload for unstable now,
> after which I will look at fixes for older suites.

Thanks!

> Does the security team intend to issue a DSA for this? It would be really
> helpful if CVE reports from the security team could explicitly mention the
> DSA status (wanted / not planned / undecided) so that maintainers can do
> the right thing (preparing a security upload or a stable-proposed-updates
> upload), without always needing an extra email round-trip to ask what the
> right thing is going to be.

I can understand the desire; usually in our triaging process, things
which are not yet fixed in the topmost unstable suite are first
reported (to make maintainers aware in case they do not know yet),
then an orthogonal step might be to assess the package.

In case it is already decided to not handle it via a DSA then a no-dsa
tagged entry would be found in the security-tracker.

In this case we have not even decided yet if it's warranted or not,
but I just aimed to make an unstable report to get it for sure fixed
there already.

Let's decide on it and either me or another team member will come back
to you.

Regards,
Salvatore


