-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3438-1 security@debian.org https://www.debian.org/security/ Michael Gilbert January 09, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : xscreensaver CVE ID : CVE-2015-8025 Debian Bug : 802914 It was discovered that unplugging one of the monitors in a multi-monitor setup can cause xscreensaver to crash. Someone with physical access to a machine could use this problem to bypass a locked session. For the oldstable distribution (wheezy), this problem has been fixed in version 5.15-3+deb7u1. For the stable distribution (jessie), this problem has been fixed in version 5.30-1+deb8u1. For the testing (stretch) and unstable (sid) distributions, this problem has been fixed in version 5.34-1. We recommend that you upgrade your xscreensaver packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQQcBAEBCgAGBQJWkdSSAAoJELjWss0C1vRz8f8gAKZVd93r5W9p1DzxjaKo0OCi cIBnzsUrCi1m89yztrecnYORFAEc5KRMras50I5OcTNQzOqyY0nl9VzfDL4mRIfP w3p1qyNDvh51+4Kjnrf3g+UxiwcvZg9Js+Y5wWGI5xMeGNyJO9nARi7E1gvHOxu5 mNoPaZTUiitxsYYR6qNliLWvqeK2DYL+cLHkzP9p14yLumlUpdML33xvgwnznUpH UlgUCsXxvrPUYgmOACQN23WZ5ETsdj6ZKArGlpCvlx2769o+MziecICY0nYvV+St KzWoFvf0CQ2JoyIKUcqWvCOl2ku14bSbIW5ySWHehvw+c9lSo/xbeYECUSXUf9d2 JoO0GPUwTCGGsXsDuTj+UxmzC+7qXOgutiMA6aXWGxWlvewy9+366GVgOqvkjOly 6/pNRVGX39xZAXdJR+jHuPldjF7iZx3v2R++Oc95nP94A3+RLksku0ZUIrG0mjli tsfzyYzvjpxDEhS5ETn4V7aKqo0veYwuUCmFgzMjRpIKG3s+jMoO8BJmBb7FW6SR EIyHvkhir7uVHG8ERJbAQxjWaBzqSOy45fDtasNSChhHZdH4NNzmFyY32Os7FjNF lVIcXYaOKr+mhnDekYWGvGj+Fr08U+dJBPUztYuRS8MClIgED+y77867PovwyQdR UM70qRYLpVDCkh46QZ/7dMEbCD5goeuJetshk90cyhl4WgRsyJMmcglIrGBi04aI yK9JuuqPLesYrlgS+IlhNwhAGVlwrLFtj9vat/E5WckjiXN/fSuLyHxtt/lKLKsx dxE889BHXrju7QzuCSH9KeGIpnm66CdWhIKn4SRZiaXjC6NbwHyNxalF/F9Xj6uy q3hPzOXYddASQEH9Wyk1swlXk92uIGq8qo8fqOH9ANygcPEdFxCvSntweIrfqg6A nJ6xBdW6aMKlLK1Tu/kq3pnIsUUz8tGIdzgYuOIucnbECIJl1SgG8O1XQXAvDx0G kFVsuxnRJ/3f88+Y0PF1n50/90NCbXBYMQfky27R4xpQXDxppkfH2HYi1MEDXZiq ZQQL5nm3ZbHprgVSQTrjiZ7E/lDv+g0iyd8EnUmTUi2BCOCPJqdW8+HvfKw74T7n sDjAn+D6IDlk+qSZwVFMgzZVhOVK8dANQIOzH8Pb2VcTTVuA4SHsEyZ75lkvpXrt 76QnSPDEo+ItK6+4j2rrZ/Smsl6ujqr7ttPLKrb+/gH/0RlYfyY+NZ6auM27bTTY eqgKvNM9apzppcX2piMf6OUKV/cMbl+XdWdq0xEgtRixBc/OzhSE+GTTySVriP7/ UeJinBxRZROJZMBzyavcd8hPX8iLpm9jp4PeyBoDaawUdbgxSc6hwjsVBDUQszY= =k6lg -----END PGP SIGNATURE-----