Debian Bug report logs - #278190
xtrlock unlocks upon very long input

Package: xtrlock; Maintainer for xtrlock is Matthew Vernon <matthew@debian.org>; Source for xtrlock is src:xtrlock.

Reported by: muec@mail.ustc.edu.cn

Date: Mon, 25 Oct 2004 12:18:14 UTC

Severity: critical

Tags: confirmed, patch, security, woody

Merged with 278191

Found in version 2.0-8

Fixed in version xtrlock/2.0-9

Done: Matthew Vernon <matthew@sel.cam.ac.uk>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#278190; Package xtrlock. Full text and rfc822 format available.

Acknowledgement sent to muec@mail.ustc.edu.cn:
New Bug report received and forwarded. Copy sent to Debian QA Group <packages@qa.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: muec@mail.ustc.edu.cn
To: submit@bugs.debian.org
Subject: xtrlock unlocks upon very long input
Date: Mon, 25 Oct 2004 20:07:08 +0800 (CST)
Package: xtrlock
Version: 2.0-8

xtrlock can be bypassed by holding down any key for 1 minute and then
pressing Enter.

I am using Debian GNU/Linux 3.1, kernel 2.6.8-1-686,
libc6 2.3.2.ds1-16, xlibs 4.3.0.dfsg.1-7 and Gnome 2.




Merged 278190 278191. Request was from Stephen Quinney <stephen@jadevine.org.uk> to control@bugs.debian.org. Full text and rfc822 format available.

Severity set to `critical'. Request was from Stephen Quinney <stephen@jadevine.org.uk> to control@bugs.debian.org. Full text and rfc822 format available.

Tags added: security Request was from Stephen Quinney <stephen@jadevine.org.uk> to control@bugs.debian.org. Full text and rfc822 format available.

Tags added: confirmed Request was from Justin Pryzby <justinpryzby@users.sourceforge.net> to control@bugs.debian.org. Full text and rfc822 format available.

Tags added: patch Request was from Justin Pryzby <justinpryzby@users.sourceforge.net> to control@bugs.debian.org. Full text and rfc822 format available.

Reply sent to Matthew Vernon <matthew@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to muec@mail.ustc.edu.cn:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #20 received at 278190-close@bugs.debian.org (full text, mbox):

From: Matthew Vernon <matthew@debian.org>
To: 278190-close@bugs.debian.org
Subject: Bug#278190: fixed in xtrlock 2.0-9
Date: Mon, 17 Jan 2005 06:02:02 -0500
Source: xtrlock
Source-Version: 2.0-9

We believe that the bug you reported is fixed in the latest version of
xtrlock, which is due to be installed in the Debian FTP archive:

xtrlock_2.0-9.dsc
  to pool/main/x/xtrlock/xtrlock_2.0-9.dsc
xtrlock_2.0-9.tar.gz
  to pool/main/x/xtrlock/xtrlock_2.0-9.tar.gz
xtrlock_2.0-9_i386.deb
  to pool/main/x/xtrlock/xtrlock_2.0-9_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 278190@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthew Vernon <matthew@debian.org> (supplier of updated xtrlock package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----

Format: 1.7
Date: Mon, 17 Jan 2005 10:47:09 +0000
Source: xtrlock
Binary: xtrlock
Architecture: source i386
Version: 2.0-9
Distribution: unstable
Urgency: high
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Matthew Vernon <matthew@debian.org>
Description: 
 xtrlock    - Minimal X display lock program
Closes: 264173 278190 278191
Changes: 
 xtrlock (2.0-9) unstable; urgency=high
 .
   * Fix the problem whereby we unlocked on long input (closes: #278191, #278190)
   * tidy up a switch statement (closes: #264173)
Files: 
 2b5cb5f98847a8e37b618a95cac9f634 599 x11 optional xtrlock_2.0-9.dsc
 f268de7457416ba57d4b757e62e9eece 7437 x11 optional xtrlock_2.0-9.tar.gz
 c35a5610aa22f4371cfc083f6bdfcc9d 9142 x11 optional xtrlock_2.0-9_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#278190; Package xtrlock. Full text and rfc822 format available.

Acknowledgement sent to Martin Schulze <joey@infodrom.org>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. Full text and rfc822 format available.

Message #25 received at 278190@bugs.debian.org (full text, mbox):

From: Martin Schulze <joey@infodrom.org>
To: 278191@bugs.debian.org, 278190@bugs.debian.org
Subject: CAN-2005-0079: authentication bypass via integer overflow
Date: Mon, 17 Jan 2005 18:39:34 +0100

Just for reference, this issue has been assigned CAN-2005-0079.
A Debian advisory will follow.

Regards,

	Joey

-- 
MIME - broken solution for a broken design.  -- Ralf Baechle

Please always Cc to me when replying to me on the lists.



Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#278190; Package xtrlock. Full text and rfc822 format available.

Acknowledgement sent to Justin Pryzby <justinpryzby@users.sourceforge.net>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. Full text and rfc822 format available.

Message #30 received at 278190@bugs.debian.org (full text, mbox):

From: Justin Pryzby <justinpryzby@users.sourceforge.net>
To: Martin Schulze <joey@infodrom.org>, control@bugs.debian.org
Cc: 278190@bugs.debian.org
Subject: Re: Bug#278191: CAN-2005-0079: authentication bypass via integer overflow
Date: Mon, 17 Jan 2005 14:12:08 -0500

reopen 278191
tag 278191 woody
thanks

Correct?

On Mon, Jan 17, 2005 at 06:39:34PM +0100, Martin Schulze wrote:
> Just for reference, this issue has been assigned CAN-2005-0079.
> A Debian advisory will follow.



Bug reopened, originator not changed. Request was from Justin Pryzby <justinpryzby@users.sourceforge.net> to control@bugs.debian.org. Full text and rfc822 format available.

Tags added: woody Request was from Justin Pryzby <justinpryzby@users.sourceforge.net> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#278190; Package xtrlock. Full text and rfc822 format available.

Acknowledgement sent to Martin Schulze <joey@infodrom.org>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. Full text and rfc822 format available.

Message #39 received at 278190@bugs.debian.org (full text, mbox):

From: Martin Schulze <joey@infodrom.org>
To: Justin Pryzby <justinpryzby@users.sourceforge.net>
Cc: 278190@bugs.debian.org
Subject: Re: Bug#278191: CAN-2005-0079: authentication bypass via integer overflow
Date: Mon, 17 Jan 2005 20:19:28 +0100

Justin Pryzby wrote:
> reopen 278191
> tag 278191 woody
> thanks
> 
> Correct?

In general yes and only if the security team is contacted in parallel,
but please close them as I surely forget this.

Regards,

	Joey

-- 
MIME - broken solution for a broken design.  -- Ralf Baechle

Please always Cc to me when replying to me on the lists.



Reply sent to Matthew Vernon <matthew@sel.cam.ac.uk>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to muec@mail.ustc.edu.cn:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #44 received at 278190-done@bugs.debian.org (full text, mbox):

From: Matthew Vernon <matthew@sel.cam.ac.uk>
To: 278191-done@bugs.debian.org, 278190-done@bugs.debian.org
Subject: DSA out
Date: Thu, 20 Jan 2005 10:37:55 +0000

The DSA regarding these bugs has been released, so they can be laid to 
rest.

Matthew

-- 
Matthew Vernon MA VetMB LGSM MRCVS
Farm Animal Epidemiology and Informatics Unit
Department of Veterinary Medicine, University of Cambridge





Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 14:22:45 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.