Debian Bug report logs - #189381
rdesktop: xscreensaver password is put in rdesktop-session document

version graph

Package: rdesktop; Maintainer for rdesktop is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Source for rdesktop is src:rdesktop (PTS, buildd, popcon).

Reported by: Arie Kraai <arie@nedstat.com>

Date: Thu, 17 Apr 2003 08:18:01 UTC

Severity: important

Tags: security

Found in version 1.2.0-2

Done: Martin Pitt <martin@piware.de>

Bug is archived. No further changes may be made.

Forwarded to rdesktop-devel@lists.sourceforge.net

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Sam Johnston <samj@aos.net.au>, rdesktop@packages.qa.debian.org:
Bug#189381; Package rdesktop. (full text, mbox, link).

Acknowledgement sent to Arie Kraai <arie@nedstat.com>:
New Bug report received and forwarded. Copy sent to Sam Johnston <samj@aos.net.au>, rdesktop@packages.qa.debian.org. (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Arie Kraai <arie@nedstat.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: rdesktop: xscreensaver password is put in rdesktop-session document
Date: Thu, 17 Apr 2003 10:16:24 +0200
Package: rdesktop
Version: 1.2.0-2
Severity: normal
Tags: security

A password, typed to unlock xscreensaver, is passed to rdesktop and
appears in open documents in the windows-session.
I'm not sure if this is an xscreensaver-bug, but the problem does
not occur with open "normal" (local) applications.


-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux gouda 2.4.20 #1 Thu Mar 13 14:34:52 CET 2003 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages rdesktop depends on:
ii  libc6                         2.3.1-16   GNU C Library: Shared libraries an
ii  libssl0.9.7                   0.9.7a-1   SSL shared libraries
ii  xlibs                         4.2.1-6    X Window System client libraries

-- no debconf information

Reply sent to Sam Johnston <samj@aos.net.au>:
You have marked Bug as forwarded. (full text, mbox, link).

Message #8 received at 189381-forwarded@bugs.debian.org (full text, mbox, reply):

From: Sam Johnston <samj@aos.net.au>
To: rdesktop-devel@lists.sourceforge.net
Cc: arie@nedstat.com, 189381-forwarded@bugs.debian.org
Subject: Keyboard Grabbing *SECURITY* issues
Date: Thu, 17 Apr 2003 18:54:37 +1000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

tags 189381 +security +upstream
severity 189381 important
thanks

Arie,

Thankyou for your feedback. Keyboard grabbing has been an issue in the
past, but I had believed that it had been resolved in the 1.2.0 release.

The old bug report, including a bunch of spam, is available at:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=125771&archive=yes

Does anyone have a difinitive answer about this issue?

Happy Easter,

Sam

- --
Sam Johnston, Director
Australian Online Solutions
1300 132 809

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+nmvMj4XJViLpTR0RAkmxAJ933LMNDIuukTZ9gCbXOesF2YjEvwCeLnj/
CVB+ZPCiHcTjVieISQJOM8w=
=rq8E
-----END PGP SIGNATURE-----

Severity set to `important'. Request was from Sam Johnston <samj@aos.net.au> to control@bugs.debian.org. (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#189381; Package rdesktop. (full text, mbox, link).

Acknowledgement sent to Sam Johnston <samj@aos.net.au>:
Extra info received and forwarded to list. (full text, mbox, link).

Message #15 received at 189381@bugs.debian.org (full text, mbox, reply):

From: Sam Johnston <samj@aos.net.au>
To: 219497@bugs.debian.org, 227989@bugs.debian.org, 189381@bugs.debian.org, 197597@bugs.debian.org
Subject: Unreproducable bugs resolved in 1.3.1-1 upload?
Date: Thu, 05 Feb 2004 03:36:44 +1100
Are these bugs still present in the 1.3.1-1 package which will hit the 
mirrors shortly?

Sam

-- 
Sam Johnston, Director
Australian Online Solutions
http://www.aos.net.au/

Reply sent to Martin Pitt <martin@piware.de>:
You have taken responsibility. (full text, mbox, link).

Notification sent to Arie Kraai <arie@nedstat.com>:
Bug acknowledged by developer. (full text, mbox, link).

Message #20 received at 189381-done@bugs.debian.org (full text, mbox, reply):

From: Martin Pitt <martin@piware.de>
To: 189381-done@bugs.debian.org
Subject: rdesktop 1.3.1-1 works correctly
Date: Mon, 13 Sep 2004 16:29:11 +0200
[Message part 1 (text/plain, inline)]
Hi Sam!

Daniel Silverstone just tried that out with the current rdesktop
1.3.1-1. The screensaver password does not appear in a notepad window
after a manual nor a timeout screensaver lock.

So I assume this report can be closed.

Have a nice day!

Martin

-- 
Martin Pitt                 Debian GNU/Linux Developer
martin@piware.de                      mpitt@debian.org
http://www.piware.de             http://www.debian.org

[signature.asc (application/pgp-signature, inline)]

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jan 10 19:46:15 2018; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.