*** This bug is a security vulnerability ***

Public security bug reported:

It was found in cinnamon-screensaver that pressing ē can crash the
screensaver and Cinnamon DE itself.

This is a regression of solving CVE-2020-25712
(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25712) in xserver
(https://gitlab.freedesktop.org/xorg/xserver/-/commit/87c64fc5b0db9f62f4e361444f4b60501ebf67b9)

The following versions of Cinnamon are affected:
4.4 - Focal
4.6 - Groovy
4.8 - Hirsute (unstable)

Upstream caribou doesn't seem very maintained anymore. Hopefully a patch
will be put upstream so Hirsute can be solved. After that I will SRU
Focal and Groovy.

TL;DR: Caribou segfaults on pressing ē which can cause a screensaver
bypass to cinnamon-screensaver and possibly any screensaver application
using gir1.2-caribou-1.0.

ProblemType: Bug
DistroRelease: Ubuntu 20.10
Package: gir1.2-caribou-1.0 0.4.21-7
ProcVersionSignature: Ubuntu 5.8.0-33.36-generic 5.8.17
Uname: Linux 5.8.0-33-generic x86_64
ApportVersion: 2.20.11-0ubuntu50.3
Architecture: amd64
CasperMD5CheckResult: skip
CurrentDesktop: ubuntu:GNOME
Date: Sat Jan 16 10:36:59 2021
InstallationDate: Installed on 2020-10-23 (85 days ago)
InstallationMedia: Ubuntu 20.10 "Groovy Gorilla" - Release amd64 (20201022)
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
RebootRequiredPkgs:
 linux-image-5.8.0-38-generic
 linux-base
SourcePackage: caribou
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: caribou (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug focal groovy hirsute regression

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1912060

Title:
  Segfault with gir1.2-caribou-1.0 keyboard device info regression

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/caribou/+bug/1912060/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
