Ubuntu
plasma-workspace package

plasma-workspace CVE-2016-2312

Bug #1554656 reported by Nick B. on 2016-03-08

258

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	plasma-workspace (Debian)	Fix Released	Unknown	debbugs #814355
	plasma-workspace (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

The plasma-workspace package is vulnerable to CVE-2016-2312. The bug has been fixed upstream see https://www.kde.org/info/security/advisory-20160209-1.txt

The specific patch needed for Ubuntu 15.10 is http://commits.kde.org/plasma-workspace/23a9ed7ba9995570227dbcd69c23f009de7dde49

plasma-workspace:
  Installed: 4:5.4.2-0ubuntu1
  Candidate: 4:5.4.2-0ubuntu1
  Version table:
*** 4:5.4.2-0ubuntu1 0
        500 http://mirror.us.leaseweb.net/ubuntu/ wily/universe amd64 Packages
        100 /var/lib/dpkg/status

Tags:

CVE References

2016-2312

Revision history for this message

Nick B. (futurepilot) wrote on 2016-03-08:

plasma-workspace-CVE-2016-2312.patch Edit (577 bytes, text/plain)

Revision history for this message

Nick B. (futurepilot) wrote on 2016-03-08:

plasma-workspace_5.4.2-0ubuntu1.1.debdiff Edit (2.0 KiB, text/plain)

Debdiff for plasma-workspace

Marc Deslauriers (mdeslaur) on 2016-03-08

information type:

Private Security → Public Security

Bug Watch Updater (bug-watch-updater) on 2016-03-09

Changed in plasma-workspace (Debian):
status:	Unknown → Fix Released

Revision history for this message

Seth Arnold (seth-arnold) wrote on 2016-03-09:

Thanks Nick, packages are building now, I'll release them tomorrow.

I made some changes:

- I modified the debian/changelog to match our format https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation
- I modified the patch to include dep3 tags: http://dep.debian.net/deps/dep3/

Thanks

Flames_in_Paradise (ellisistfroh-deactivatedaccount) on 2016-03-09

tags:

added: wily

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-03-10:

This bug was fixed in the package plasma-workspace - 4:5.4.2-0ubuntu1.1

---------------
plasma-workspace (4:5.4.2-0ubuntu1.1) wily-security; urgency=medium

  * SECURITY UPDATE: lock screen bypass by turning monitor off and on
    (LP: #1554656)
    - debian/patches/plasma-workspace-CVE-2016-2312.patch - fix lockscreen for
      turning monitor off and on
    - CVE-2016-2312

-- Nick Bryda <email address hidden> Tue, 08 Mar 2016 12:02:28 -0500

Changed in plasma-workspace (Ubuntu):
status:	New → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

Add patch

Remote bug watches

debbugs #814355
[done grave security upstream patch fixed-upstream] Edit

Bug watches keep track of this bug in other bug trackers.

Ubuntuplasma-workspace package

plasma-workspace CVE-2016-2312

Bug Description

CVE References

Other bug subscribers

Patches

Remote bug watches

Ubuntu
plasma-workspace package