oss-sec mailing list archives

Re: CVE id request: xscreensaver

From: Nico Golde <oss-security+ml () ngolde de>
Date: Sun, 25 May 2008 16:54:09 +0200

Hi Tomas,
* Tomas Hoger <thoger () redhat com> [2008-05-25 15:52]:

On Sun, 25 May 2008 18:29:13 +1000 Steffen Joeris
<steffen.joeris () skolelinux de> wrote:

Pierre Habouzit discovered that resizing with the xrandr tool can
crash xscreensaver.

Debian Bug report:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=482385

The tested version of xscreensaver is 5.05-1, but at the moment there
is no reason to assume that the bug did not exist in previous
versions.


Is there any known attack vector crossing trust boundary?  Usage of
xrandr should be fully under the control of the user running
xscreensaver.


I don't see any, looks more like an normal application bug to me.

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: _bin
Description:

Current thread:

CVE id request: xscreensaver Steffen Joeris (May 25)
- Re: CVE id request: xscreensaver Tomas Hoger (May 25)
  - Re: CVE id request: xscreensaver Steffen Joeris (May 25)
  - Re: CVE id request: xscreensaver Nico Golde (May 25)
  - Re: CVE id request: xscreensaver Bernhard R. Link (May 25)