*** This bug is a security vulnerability *** Public security bug reported:
It was found in cinnamon-screensaver that pressing ē can crash the screensaver and Cinnamon DE itself. This is a regression of solving CVE-2020-25712 (https://cve.mitre.org /cgi-bin/cvename.cgi?name=CVE-2020-25712) in xserver (https://gitlab.freedesktop.org/xorg/xserver/-/commit/87c64fc5b0db9f62f4e361444f4b60501ebf67b9) The following versions of Cinnamon are affected: 4.4 - Focal 4.6 - Groovy 4.8 - Hirsute (unstable) Upstream caribou doesn't seem very maintained anymore. Hopefully patch will be put upstream so Hirsute can be solved. After that I will SRU Focal and Groovy. TL;DR: Caribou segfaults on pressing ē which can cause a screensaver bypass to cinnamon-screensaver and possibly any screensaver application using gir1.2-caribou-1.0. ProblemType: Bug DistroRelease: Ubuntu 20.10 Package: gir1.2-caribou-1.0 0.4.21-7 ProcVersionSignature: Ubuntu 5.8.0-33.36-generic 5.8.17 Uname: Linux 5.8.0-33-generic x86_64 ApportVersion: 2.20.11-0ubuntu50.3 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: ubuntu:GNOME Date: Sat Jan 16 10:36:59 2021 InstallationDate: Installed on 2020-10-23 (85 days ago) InstallationMedia: Ubuntu 20.10 "Groovy Gorilla" - Release amd64 (20201022) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR=<set> LANG=en_US.UTF-8 SHELL=/bin/bash RebootRequiredPkgs: linux-image-5.8.0-38-generic linux-base SourcePackage: caribou UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: caribou (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug focal groovy hirsute regression ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1912060 Title: Segfault with gir1.2-caribou-1.0 keyboard device info regression To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/caribou/+bug/1912060/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
