Archlinux published a security issue with the package slock before version 1.4-2. It is vulnerable to access restriction bypass. Mageia 5 and Cauldron are concerned. The upstream 1.4 needs both patches : https://git.archlinux.org/svntogit/community.git/commit/trunk?h=packages/slock&id=3fdfd85a1e3ddcd0a4ec073eddc8c21538d34a9c https://git.archlinux.org/svntogit/community.git/commit/trunk?h=packages/slock&id=57d5583795209aaae9643a9b76318d71894fa22d Sources of the security issues : https://lists.archlinux.org/pipermail/arch-security/2016-November/000768.html http://seclists.org/oss-sec/2016/q3/333
Assigning to all packagers collectively, since there is no registered maintainer for this package.
CC: (none) => dan, marja11Assignee: bugsquad => pkg-bugs
We patched the security issue a couple months ago. *** This bug has been marked as a duplicate of bug 19218 ***
Status: NEW => RESOLVEDResolution: (none) => DUPLICATE