Package: xscreensaver Version: 5.30-1+b1 Severity: normal Dear Maintainer,
The test case is the following: - have xscreensaver started with lock after n minutes - put machine to sleep with pm-suspend - wait n+ minutes - wake from sleep - there is a half-second during which the scrennsaver+lock is not active, meaning 1- one can see the contents of the desktop and open applications 2- one can actually interact and issue a command (theoretically even kill the screensaver daemon) before the screen actually goes to screensaver+lock (again, in that split second not much can be done, but still) I've had this in wheezy and jessie. IMO this is somewhat of a security issue, especially for laptop user who's likely to use suspend and have the laptop in an "hostile" environment. Thanks for looking into this, and thanks for your work on xscreensaver Regards, Brian -- System Information: Debian Release: 8.0 APT prefers testing-updates APT policy: (500, 'testing-updates'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages xscreensaver depends on: ii libatk1.0-0 2.14.0-1 ii libc6 2.19-17 ii libcairo2 1.14.0-2.1 ii libfontconfig1 2.11.0-6.3 ii libfreetype6 2.5.2-3 ii libgdk-pixbuf2.0-0 2.31.1-2+b1 ii libglade2-0 1:2.6.4-2 ii libglib2.0-0 2.42.1-1 ii libgtk2.0-0 2.24.25-3 ii libice6 2:1.0.9-1+b1 ii libpam0g 1.1.8-3.1 ii libpango-1.0-0 1.36.8-3 ii libpangocairo-1.0-0 1.36.8-3 ii libpangoft2-1.0-0 1.36.8-3 ii libsm6 2:1.2.2-1+b1 ii libx11-6 2:1.6.2-3 ii libxext6 2:1.3.3-1 ii libxi6 2:1.7.4-1+b2 ii libxinerama1 2:1.1.3-1+b1 ii libxml2 2.9.1+dfsg1-5 ii libxmu6 2:1.1.2-1 ii libxpm4 1:3.5.11-1+b1 ii libxrandr2 2:1.4.2-1+b1 ii libxrender1 1:0.9.8-1+b1 ii libxt6 1:1.1.4-1+b1 ii libxxf86vm1 1:1.1.3-1+b1 ii xscreensaver-data 5.30-1+b1 Versions of packages xscreensaver recommends: ii libjpeg-turbo-progs [libjpeg-progs] 1:1.3.1-12 ii miscfiles [wordlist] 1.4.2.dfsg.1-9.1 ii perl [perl5] 5.20.2-3 Versions of packages xscreensaver suggests: ii chromium [www-browser] 41.0.2272.76-2 pn fortune <none> pn gdm3 | kdm-gdmcompat <none> ii google-chrome-stable [www-browser] 41.0.2272.118-1 ii iceweasel [www-browser] 31.5.3esr-1 pn qcam | streamer <none> pn xdaliclock <none> pn xfishtank <none> pn xscreensaver-gl <none> -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
