oss-sec mailing list archives

CVE request: xscreensaver aborts when unpluging second monitor cable when asking password

From: Mamoru TASAKA <mtasaka () fedoraproject org>
Date: Sun, 25 Oct 2015 00:12:38 +0900

Hello, all:

I received a Fedora bug report
https://bugzilla.redhat.com/show_bug.cgi?id=1274452
that on XFCE,

* using VGA and HDMI dual monitor (for example)
* lock the screen with $ xscreensaver-command -lock
* move mouse, password dialog appears
* during the time password dialog still appears, unplug HDMI cable

then xscreensaver abort()s (actually it abort()s,
not segv, however I guess it is not important)
(at the line 420 in xscreensaver-5.33/driver/subprocs.c)

100% reproducible. This issue is already in public as
https://twitter.com/Thaolia/status/656823859304398848

I and the upstream developer already tracked down the cause
and the upstream send me a patch, which seems to be
working. hopefully the upstream
will release the new version soon.

Please assign a CVE ID for this.

Best regards,
Mamoru TASAKA <mtasaka () fedoraproject org>

Current thread:

CVE request: xscreensaver aborts when unpluging second monitor cable when asking password Mamoru TASAKA (Oct 24)
- Re: CVE request: xscreensaver aborts when unpluging second monitor cable when asking password Mamoru TASAKA (Oct 25)
- Re: CVE request: xscreensaver aborts when unpluging second monitor cable when asking password cve-assign (Oct 29)