CVE-2014-1949 was assigned to cinnamon-screensaver. The fix for this issue actually lies in gtk+3.0, in the following commit:
https://git.gnome.org/browse/gtk+/commit/?id=1691bb741d50c90ee938f0b73fe81b0ca9bfd6d4 gtk+3.0 is already fixed in utopic, and we only have connamon- screensaver in utopic. Hence, this issue doesn't have a security impact in trusty. If you would like this fixed in the gtk+3.0 package in trusty, it will need to be done through the SRU process just like other bug fixes. Please see the following for the procedure: https://wiki.ubuntu.com/StableReleaseUpdates ** Also affects: gtk+3.0 (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: gtk+3.0 (Ubuntu Utopic) Importance: Undecided Status: New ** Changed in: gtk+3.0 (Ubuntu Utopic) Status: New => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-1949 ** Changed in: gtk+3.0 (Ubuntu Trusty) Status: New => Confirmed ** Information type changed from Public Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+3.0 in Ubuntu. https://bugs.launchpad.net/bugs/1366790 Title: Fix for CVE-2014-1949 (GTK 3.10.x) Status in “gtk+3.0” package in Ubuntu: Fix Released Status in “gtk+3.0” source package in Trusty: Confirmed Status in “gtk+3.0” source package in Utopic: Fix Released Bug description: Please see: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759145 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gtk+3.0/+bug/1366790/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp