Bug#784962: jessie-pu: package caja/1.8.2-3+deb8u1

Mike Gabriel mike.gabriel at das-netzwerkteam.de
Mon May 11 08:22:54 UTC 2015 

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org at packages.debian.org
Usertags: pu

Please pre-approve the following changes for caja in Debian jessie:

+  * debian/patches:
+    + Add 0004_avoid-automounts-while-screen-is-locked.patch. Don't mount
+      newly added USB flash drives / optical disks / etc. while a session
+      is locked by the screensaver. Delay the automounting action until the
+      session has been unlocked again. (Closes: #781608).

-> This patch fixes a nasty issue in caja when using the "Change User"
feature in KDM or GDM3.

Flashdrives and optical disks will now only get automounted after the
session of a user has been unlocked. In previous versions of caja in
Debian, the flash drive / disc would have been mounted by the locked
session (and by the running session on another VT).

Except from this being a security issue (but a no-dsa as stated by the
security team), the observed behaviour lead into a race condition between
the in parallel running MATE desktop sessions. All of them would have
tried to mount freshly inserted devices simultaneously which often made
flash drives and discs unaccessible for the currently active MATE desktop
session (because caja inside a locked session would have been faster and
thus locked the device).

light+love,
Mike

-- System Information:
Debian Release: 8.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: caja_1.8.2-3_1.8.2-3+deb8u1.debdiff
Type: text/x-diff
Size: 11824 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-mate-team/attachments/20150511/c63b6982/attachment.diff>

More information about the pkg-mate-team mailing list