Bug#1052067: gnome-shell: CVE-2023-43090: screenshot tool allows viewing open windows when session is locked
Salvatore Bonaccorso
carnil at debian.org
Sun Sep 17 19:57:36 BST 2023
Hi Simon,
On Sun, Sep 17, 2023 at 07:09:45PM +0100, Simon McVittie wrote:
> On Sun, 17 Sep 2023 at 19:39:24 +0200, Moritz Mühlenhoff wrote:
> > Does this also affect oldstable?
>
> As far as I can tell, oldstable is not affected by this, because it
> doesn't appear to have the new screenshot UI in js/ui/screenshot.js that
> has the vulnerability. Pressing Print Screen in the lock screen in an
> oldstable GNOME VM just opens the password prompt, the same as if I had
> pressed Escape or Backspace.
Do you think it's safe to say that the issue is introduced around the
commits which introduce in the screenshot-ui the screenshot/screencast
toggles, e.g. 497d9f32eb02 ("screenshot-ui: Add screenshot/screencast
toggle") and eb60fa290882 ("screenshot-ui: Bind button to shot/cast")
which are in 42.beta upstream?
Regards,
Salvatore
More information about the pkg-gnome-maintainers
mailing list