[SECURITY] [DLA 2374-1] gnome-shell security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2374-1] gnome-shell security update
From: "Chris Lamb" <lamby@debian.org>
Date: Tue, 15 Sep 2020 07:24:51 -0400 (EDT)
Message-id: <[🔎] 160016906313.3097103.18024002990708433256@tinycat.chris-lamb.co.uk>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2374-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
September 15, 2020                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : gnome-shell
Version        : 3.22.3-3+deb9u1
CVE ID         : CVE-2020-17489
Debian Bug     : #968311

It was discovered that there was an issue around revealing passwords
in the "gnome-shell" component of the GNOME desktop.

In certain configurations, when logging out of an account the
password box from the login dialog could reappear with the password
visible in cleartext.

For Debian 9 "Stretch", this problem has been fixed in version
3.22.3-3+deb9u1.

We recommend that you upgrade your gnome-shell packages.

For the detailed security status of gnome-shell please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gnome-shell

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl9goxQACgkQHpU+J9Qx
HlgcEA/9EGCFy/+n+EwXrJo5Ai+UFuseHIAd9CaqPCoSrkZXL7AZDA5mDiqDJ9C4
qrCu/MJm78+9GX1i4XY7BQk28Ze9dbREuDxKKNx8GmBt8A67uX878nwYY/olu/Sf
u/rlXW1AiMeQR6wn8qIycNNnyses8AjCKmRTgrFoWpSBMfPntzWcM/T+UgQKE8Ja
RIyXn9EnWPXCnzVVWN+8pLXLwk6XVHsBN9CJbNJ8b2m0/DLWHwBHwrKeQJGdNDOj
6A+0dK5iSzjR1PWJ49xS3S/lY0Iyb3kVNuXCqLBDAKqWaiAvxysu0f5TsJEMKaKo
idSKDx8mZXJV6YIyuQobrs10xIBTnaLTkyfoCcsD8drbBHnqTS0j7hIDZT0TJlWF
KAru+bjbxIdBEFxPXRzE+qPNO8sMyvjro9B2iN3ItpIsyP/ARTydhNatvZ0Z9Yrx
SUFRKU4Je61/ovMm0ysSPyqPqw5pi2af11Gi3gvFlPGiOX1wSnRH8rRjS9e+XSUl
U9fvODaA1vDZzHrJhUey0rQCuSXUHqnBOl7bBybF1+tAqP8r7jgFsuWFRwpRq/jZ
Zt+KrlUPK25s6CBsr5IAUSQiRGaeKYcFv6AXI6dNRlJaTRK6Lc9AgGtNyYr+gGCr
jcXp1NX4SBkx8HuvGsFINxhE9xDeA5mpwDkl6knzDnNI+RJqh+M=
=AxhS
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2373-1] qemu security update
Next by Date: [SECURITY] [DLA 2375-1] inspircd security update
Previous by thread: [SECURITY] [DLA 2373-1] qemu security update
Next by thread: [SECURITY] [DLA 2375-1] inspircd security update
Index(es):
- Date
- Thread