A security issue in xscreensaver when used with XFce was reported: http://openwall.com/lists/oss-security/2015/10/24/2 The issue was fixed in 5.34, with the patch linked in this message: http://openwall.com/lists/oss-security/2015/10/25/1 Reproducible: Steps to Reproduce:
As fedora already provides version 5.33 while we have version 5.29 for Mga5 and because we have bug mga#15460, I have updated that version to 5.34 (and, for Cauldron, I replaced 5.33 by 5.34).
Suggested advisory: ======================== The updated xscreensaver packages fix a security issue when used, in some cases, with dual screen and unplugging one of them. ======================== Updated packages in core/updates_testing: ======================== i586: xscreensaver-5.34-2.mga5.i586.rpm xscreensaver-base-5.34-2.mga5.i586.rpm xscreensaver-common-5.34-2.mga5.i586.rpm xscreensaver-extrusion-5.34-2.mga5.i586.rpm xscreensaver-gl-5.34-2.mga5.i586.rpm x86_64: xscreensaver-5.34-2.mga5.x86_64.rpm xscreensaver-base-5.34-2.mga5.x86_64.rpm xscreensaver-common-5.34-2.mga5.x86_64.rpm xscreensaver-extrusion-5.34-2.mga5.x86_64.rpm xscreensaver-gl-5.34-2.mga5.x86_64.rpm Source RPMs: xscreensaver-5.34-2.mga5.src.rpm
Status: NEW => ASSIGNEDCC: (none) => nicolas.salgueroAssignee: nicolas.salguero => qa-bugs
Thanks Nicolas! Don't forget to rebuild it in Cauldron since the release tag was bumped in mga5.
In fact, I began by Cauldron because switching from 5.33 to 5.34 was easier than switching from 5.29 to 5.34 (all the patches which had been updated to fit 5.33 applied as is in 5.34).
Yes I see, but we have 1.mga6 and 2.mga5 right now, so it won't upgrade properly.
Oops, I missed that problem, sorry. I rebuild in Cauldron with 2.mga6.
CVE-2015-8025 assigned: http://openwall.com/lists/oss-security/2015/10/29/12 Please update the advisory.
Summary: xscreensaver new security issue fixed upstream in 5.34 => xscreensaver new security issue fixed upstream in 5.34 (CVE-2015-8025)
Debian-LTS has issued an advisory for this on October 31: http://lwn.net/Vulnerabilities/662785/
URL: (none) => http://lwn.net/Vulnerabilities/662785/
MGA5-32 on Acer D620 Xfce No installation issues. It does not break anything apparently, but the screensaver does not seem to work. I put the time to 2 min, but after 3 min nothing had happened yet (even rebooting after the changes does not help). Only the black screen appears after its time-out. Switching it off completely works OK (and that's my preferred setting), so OK for me.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA5-32-OK
mga5 - x86-64 - Mate default: xscreensaver-5.29-6.1 Updated to 5.34-2 Set the timeout to 1 minute and the screensaver launched on time and worked fine. Will try a 32-bit VM tomorrow to check Herman's result.
CC: (none) => tarazed25
32-bit install in virtualbox on an x86_64 system. Set a minute timeout for the screensaver and it worked fine.
Whiteboard: MGA5-32-OK => MGA5-32-OK MGA5-64-OK
The behavior described by Herman seems related to bug 15460.
Keywords: (none) => validated_updateWhiteboard: MGA5-32-OK MGA5-64-OK => MGA5-32-OK MGA5-64-OK advisoryCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0431.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED