xlockmore 5.45 has been announced on December 2, fixing a potential security issue: http://calypso.tux.org/pipermail/xlock-announce/2014/000059.html Freeze push requested for Cauldron for xlockmore 5.45. The upstream patch is committed in Mageia 4 SVN. Reproducible: Steps to Reproduce:
Patched package uploaded for Mageia 4. Advisory to come later. For now, see the upstream reference in Comment 0. xlockmore-5.43-2.1.mga4 xlockmore-gtk2-5.43-2.1.mga4 from xlockmore-5.43-2.1.mga4.src.rpm
CC: (none) => dirteatAssignee: bugsquad => qa-bugs
Procedure: https://bugs.mageia.org/show_bug.cgi?id=10799#c1
Whiteboard: (none) => has_procedure
MGA-64 on HP Probook 6555b No installation issues Run xlock at CLI, locks an unlocks nicely.
CC: (none) => herman.viaeneWhiteboard: has_procedure => has_procedure MGA4-64-OK
MGA4-32b on Acer D620 No installation issues Run xlock at CLI, locks an unlocks nicely.
Whiteboard: has_procedure MGA4-64-OK => has_procedure MGA4-64-OK MGA-32-OK
Make sure you test the pyro2 screensaver specifically, as that's the one that's affected by this update.
Tested on both 64 and 32 with CLI command xlock -mode pyro2 No problems seen.
Whiteboard: has_procedure MGA4-64-OK MGA-32-OK => has_procedure MGA4-64-OK MGA4-32-OK
Needs advisory here too please.
here you go (I did not find any CVE number however) Advisory: ======================== Updated xlockmore packages fix security vulnerability: xlockmore before 5.45 contains a security flaw related to a bad value of fnt for pyro2 which could cause an X error. This update backports the fix for version 5.43. References: http://calypso.tux.org/pipermail/xlock-announce/2014/000059.html Updated packages in core/updates_testing: ======================== xlockmore-5.43-2.1.mga4 xlockmore-gtk2-5.43-2.1.mga4 from SRPMS: xlockmore-5.43-2.1.mga4.src.rpm
Thanks Chris Validating. Advisory uploaded. Please push to updates Thanks
Keywords: (none) => validated_updateWhiteboard: has_procedure MGA4-64-OK MGA4-32-OK => has_procedure advisory MGA4-64-OK MGA4-32-OKCC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2014-0554.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/628115/