-rw-r--r-- | security/vuxml/vuln.xml | 15 |
1 files changed, 4 insertions, 11 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 58f027354575..9e9f4c91234f 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -64,17 +64,10 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <p>Ignatios Souvatzis of NetBSD reports:</p> <blockquote cite="http://www.openwall.com/lists/oss-security/2012/10/17/10"> - <p>localtime accesses a (in the discovered case) 64bit value, which - is likely not to be valid, and returns a null pointer as an error - indication. The code in dclock.c does not check for this but, - depending on additional command-line options, either dereferences - the pointer or passes it to strftime() unconditionally, which in - turn triggers a segmentation fault, terminating the program and - leaving the terminal unlocked.</p> - <p>While this is unexpected, the dangerous case is where - "xlockmore -mode random" calls the mode "dclock" after a while, - when the user has left the terminal, not noticing that it will - (eventually) be unlocked.</p> + <p>Due to an error in the dclock screensaver in xlockmore, users who + explicitly use this screensaver or a random mix of screensavers using + something like "xlockmore -mode random" may have their screen unlocked + unexpectedly at a random time.</p> </blockquote> </body> </description> |
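Review bot: The four added lines sit inside the existing `<blockquote cite="http://www.openwall.com/lists/oss-security/2012/10/17/10">` under "Ignatios Souvatzis of NetBSD reports:", so the entry now presents a paraphrase as if it were the reporter's own words. Either keep the verbatim quotation, or move the summary out of the blockquote into a plain `<p>` and adjust the "reports:" lead-in so the attribution stays accurate. The rewrite also drops the root cause that the removed lines stated (localtime returning a null pointer that dclock.c does not check before dereferencing it or passing it to strftime(), leading to a segmentation fault that leaves the terminal unlocked); "an error in the dclock screensaver" gives readers nothing to judge exposure by, so consider keeping one sentence of that detail alongside the shorter summary.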