Fix for CVE-2014-1949 (GTK 3.10.x)
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
GTK+ | Fix Released | Medium | | |
gtk+3.0 (Debian) | Fix Released | Unknown | | |
gtk+3.0 (Ubuntu) | Fix Released | Undecided | Unassigned | |
Trusty | Fix Released | Undecided | Unassigned | |
Utopic | Fix Released | Undecided | Unassigned | |
Bug Description
[Impact]
Users running gnome-screensaver or cinnamon-
[Testcase]
Start GNOME or any other desktop running gnome-screensaver. Open a terminal. Lock the screen. Before pressing any other key, press the menu key on the keyboard.
Results:
* Without this patch: the menu comes up and after that the terminal, being the window that had focus before the lock, receives all keyboard input. It's very hard to get the input to go to the password field.
* With this patch: the password prompt comes up and has focus. Any keys pressed go to the password field.
[Regression potential]
The patch removes one function from gtk-window (popup-menu) that was only present for a short time. It's already been removed in the gtk version present in Utopic. It's very unlikely that any other issues will come up because of this.
[More info]
https:/
https:/
https:/
https:/
CVE References
information type: | Private Security → Public Security |
description: | updated |
Changed in gtk+3.0 (Debian): | |
status: | Unknown → Fix Released |
Changed in gtk: | |
importance: | Unknown → Medium |
status: | Unknown → Fix Released |
CVE-2014-1949 was assigned to cinnamon-screensaver.
The fix for this issue actually lies in gtk+3.0, in the following commit:
https://git.gnome.org/browse/gtk+/commit/?id=1691bb741d50c90ee938f0b73fe81b0ca9bfd6d4
gtk+3.0 is already fixed in utopic, and we only have cinnamon-screensaver in utopic.
Hence, this issue doesn't have a security impact in trusty.
If you would like this fixed in the gtk+3.0 package in trusty, it will need to be done through the SRU process just like other bug fixes. Please see the following for the procedure:
https://wiki.ubuntu.com/StableReleaseUpdates