Debian Gnome-Screensaver vulnerabilities

CVE-2013-1050 [HIGH] CVE-2013-1050: gnome-screensaver - The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the Auto... The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation. Scope: local bookworm: resolved bullseye: resolve

CVE-2012-3452 [LOW] CVE-2012-3452: gnome-screensaver - gnome-screensaver 3.4.x before 3.4.4 and 3.5.x before 3.5.4, when multiple scree... gnome-screensaver 3.4.x before 3.4.4 and 3.5.x before 3.5.4, when multiple screens are used, only locks the screen with the active focus, which allows physically proximate attackers to bypass screen locking and access an unattended workstation. Scope: local bookworm: resolved bullseye: resolved trixie: resolved

CVE-2010-0414 [HIGH] CVE-2010-0414: gnome-screensaver - gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass ... gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass screen locking and access an unattended workstation by moving the mouse position to an external monitor and then disconnecting that monitor. Scope: local bookworm: resolved (fixed in 2.28.2-1) bullseye: resolved (fixed in 2.28.2-1) trixie: resolved (fixed in 2.28.2-1)

CVE-2010-0422 [HIGH] CVE-2010-0422: gnome-screensaver - gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize the state o... gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize the state of screen locking and the unlock dialog in situations involving a change to the number of monitors, which allows physically proximate attackers to bypass screen locking and access an unattended workstation by connecting and disconnecting monitors multiple times, a related issue to

CVE-2010-0285 [MEDIUM] CVE-2010-0285: gnome-screensaver - gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the X configu... gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the X configuration enables the extend screen option, allows physically proximate attackers to bypass screen locking, access an unattended workstation, and view half of the GNOME desktop by attaching an external monitor. Scope: local bookworm: resolved (fixed in 2.28.3-1) bullseye: resolved

CVE-2009-4642 [HIGH] CVE-2009-4642: gnome-screensaver - gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface to determin... gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface to determine session idle time, even when an Xfce desktop such as Xubuntu or Mythbuntu is used, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended. Scope: local bookworm: resolved (fixed in 2.26.1-2) bullseye: resolved (

CVE-2009-4641 [HIGH] CVE-2009-4641: gnome-screensaver - gnome-screensaver 2.28.0 does not resume adherence to its activation settings af... gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting application becomes unavailable on the session bus, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended. Scope: local bookworm: resolved (fixed in 2.28.0-2) bullseye: resolved (fixed in 2.28.0

CVE-2008-0887 [MEDIUM] CVE-2008-0887: gnome-screensaver - gnome-screensaver before 2.22.1, when a remote authentication server is enabled,... gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes upon an unlock attempt during a network outage, which allows physically proximate attackers to gain access to the locked session, a related issue to CVE-2007-1859. Scope: local bookworm: resolved (fixed in 2.22.2-1) bullseye: resolved (fixed in 2.22.2-1) trixie: resolv

CVE-2007-3920 [MEDIUM] CVE-2007-3920: gnome-screensaver - GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly ... GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069. Scope: local bookworm: resolved (fixed in 2.20.0-1.1) bullseye: resolved (fixed in 2.20.0-1.1) trixie: resolved

CVE-2007-6389 [LOW] CVE-2007-6389: gnome-screensaver - The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 might allow l... The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 might allow local users to read the clipboard contents and X selection data for a locked session by using ctrl-V. Scope: local bookworm: resolved (fixed in 2.22.0-1) bullseye: resolved (fixed in 2.22.0-1) trixie: resolved (fixed in 2.22.0-1)

CVE-2006-1335 [LOW] CVE-2006-1335: gnome-screensaver - gnome screensaver before 2.14, when running on an X server with AllowDeactivateG... gnome screensaver before 2.14, when running on an X server with AllowDeactivateGrabs and AllowClosedownGrabs enabled, allows attackers with physical access to cause the screensaver to crash and access the session via the Ctl+Alt+Keypad-Multiply keyboard sequence, which removes the grab from gnome. Scope: local bookworm: resolved (fixed in 2.14.1-1) bullseye: