Discussion:
[kwin] [Bug 389483] New: VLC leaks playing video details to lock screen
Add Reply
Tom Chiverton
2018-01-26 22:25:13 UTC
Reply
Permalink
Raw Message
https://bugs.kde.org/show_bug.cgi?id=389483

Bug ID: 389483
Summary: VLC leaks playing video details to lock screen
Product: kwin
Version: unspecified
Platform: Kubuntu Packages
OS: Linux
Status: UNCONFIRMED
Severity: critical
Priority: NOR
Component: core
Assignee: kwin-bugs-***@kde.org
Reporter: ***@falkensweb.com
Target Milestone: ---

By default, the lock screen displays the currently playing media on VLC.

This leaks details of media being played to anyone.

Can't see where to flag this as security issue.
--
You are receiving this mail because:
You are watching all bug changes.
Martin Flöser
2018-01-27 08:37:26 UTC
Reply
Permalink
Raw Message
https://bugs.kde.org/show_bug.cgi?id=389483

Martin Flöser <***@kde.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |***@gmail.com,
| |***@kde.org
Component|core |breeze-theme
Product|kwin |kscreenlocker
Status|UNCONFIRMED |RESOLVED
Resolution|--- |FIXED
Assignee|kwin-bugs-***@kde.org |plasma-***@kde.org

--- Comment #1 from Martin Flöser <***@kde.org> ---
To my knowledge Plasma 5.12 will introduce a config option.
--
You are receiving this mail because:
You are watching all bug changes.
Tom Chiverton
2018-02-10 15:49:43 UTC
Reply
Permalink
Raw Message
https://bugs.kde.org/show_bug.cgi?id=389483

Tom Chiverton <***@falkensweb.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |UNCONFIRMED
Resolution|FIXED |---

--- Comment #2 from Tom Chiverton <***@falkensweb.com> ---
I have plasma-desktop 4:5.12.0-0neon+16.04+xenial+build80 on KDE Neon.

No such option has appeared in workspace->screenlocking under either tab
--
You are receiving this mail because:
You are watching all bug changes.
Rog131
2018-02-13 10:13:27 UTC
Reply
Permalink
Raw Message
https://bugs.kde.org/show_bug.cgi?id=389483

Rog131 <***@hotmail.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |***@hotmail.com

--- Comment #3 from Rog131 <***@hotmail.com> ---
By the Plasma 5.12.0 release announcement :
https://www.kde.org/announcements/plasma-5.12.0.php has:

"Media controls have been added to the lock screen. For added privacy, they can
be disabled in Plasma 5.12..."

There is bug report: Bug 384264 - Make it possible to disable media controls on
lock screen - https://bugs.kde.org/show_bug.cgi?id=384264 .

It is marked as fixed with the
https://cgit.kde.org/kscreenlocker.git/commit/?id=e36101cd1b4857a23e05b9d1f039e9358bd1f49b

BUT the 'config.qml' is not shown by the lock screen configuration with the
plasma 5.12.0. Tested with the Neon and with the Arch.

A workaround is to manually edit the
/usr/share/plasma/look-and-feel/org.kde.breeze.desktop/contents/lockscreen/config.xml
. Change the '<default>true</default>' to '<default>false</default>'
--
You are receiving this mail because:
You are watching all bug changes.
David Edmundson
2018-02-13 11:17:37 UTC
Reply
Permalink
Raw Message
https://bugs.kde.org/show_bug.cgi?id=389483

David Edmundson <***@davidedmundson.co.uk> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |***@davidedmundson.co.uk
Status|UNCONFIRMED |CONFIRMED
Ever confirmed|0 |1

--- Comment #4 from David Edmundson <***@davidedmundson.co.uk> ---
Urgh, there's a bug.

If the "Appareance" tab is not the active tab on load, then it doesn't render
the second QtQuick UI
--
You are receiving this mail because:
You are watching all bug changes.
Tom Chiverton
2018-02-13 20:58:00 UTC
Reply
Permalink
Raw Message
https://bugs.kde.org/show_bug.cgi?id=389483

--- Comment #5 from Tom Chiverton <***@falkensweb.com> ---
Are you going to rate this more seriously then ?

Not only is KDE insecure by default now, but it's not possible to change the
settings to make it more secure!

I'm thinking you want to issue an out-of-band update ASAP...
--
You are receiving this mail because:
You are watching all bug changes.
David Edmundson
2018-02-13 21:18:50 UTC
Reply
Permalink
Raw Message
https://bugs.kde.org/show_bug.cgi?id=389483

--- Comment #6 from David Edmundson <***@davidedmundson.co.uk> ---
The impliciation was that I would fix it.
--
You are receiving this mail because:
You are watching all bug changes.
David Edmundson
2018-02-13 22:52:22 UTC
Reply
Permalink
Raw Message
https://bugs.kde.org/show_bug.cgi?id=389483

David Edmundson <***@davidedmundson.co.uk> changed:

What |Removed |Added
----------------------------------------------------------------------------
Latest Commit| |https://commits.kde.org/ksc
| |reenlocker/639d1809e4d36059
| |03e0efe379f104e35a03fc38
Status|CONFIRMED |RESOLVED
Resolution|--- |FIXED

--- Comment #7 from David Edmundson <***@davidedmundson.co.uk> ---
Git commit 639d1809e4d3605903e0efe379f104e35a03fc38 by David Edmundson.
Committed on 13/02/2018 at 22:29.
Pushed by davidedmundson into branch 'Plasma/5.12'.

Update size hint of lnf config widget

The old code implicitly used the initial size, which depending on when source
is set, was often 0

M +2 -2 kcm/kcm.ui
M +3 -0 kcm/lnfconfig.qml

https://commits.kde.org/kscreenlocker/639d1809e4d3605903e0efe379f104e35a03fc38
--
You are receiving this mail because:
You are watching all bug changes.
Christoph Feck
2018-02-14 19:19:49 UTC
Reply
Permalink
Raw Message
https://bugs.kde.org/show_bug.cgi?id=389483

--- Comment #8 from Christoph Feck <***@kde.org> ---
Thanks Sam for your continues bug triaging efforts. I have just raised your
bugzilla privileges to edit any aspects of bugs (mark duplicates, etc.)
--
You are receiving this mail because:
You are watching all bug changes.
Tom Chiverton
2018-02-15 18:48:13 UTC
Reply
Permalink
Raw Message
https://bugs.kde.org/show_bug.cgi?id=389483

--- Comment #9 from Tom Chiverton <***@falkensweb.com> ---
So is this just getting lumped into the next monthly patch set ?
--
You are receiving this mail because:
You are watching all bug changes.
Rog131
2018-02-15 19:21:32 UTC
Reply
Permalink
Raw Message
https://bugs.kde.org/show_bug.cgi?id=389483

--- Comment #10 from Rog131 <***@hotmail.com> ---
(In reply to Tom Chiverton from comment #9)
Post by Tom Chiverton
So is this just getting lumped into the next monthly patch set ?
It is fixed in branch 'Plasma/5.12'. Next, 5.12.2 , is planned: Tue 2018-02-20.
Plasma Schedules: https://community.kde.org/Schedules/Plasma_5 .

...and yes it is working: [img]Loading Image...[/img]
--
You are receiving this mail because:
You are watching all bug changes.
David Edmundson
2018-02-15 20:19:04 UTC
Reply
Permalink
Raw Message
https://bugs.kde.org/show_bug.cgi?id=389483
Post by Tom Chiverton
So is this just getting lumped into the next monthly patch set ?
Yes.
--
You are receiving this mail because:
You are watching all bug changes.
Loading...