Mamoru Tasaka

**Name of the Vulnerable Software and Affected Versions** XScreenSaver versions prior to 5.34 **Description** The issue is related to a lack of proper internal consistency checks in the driver/subprocs.c file of XScreenSaver, allowing physically proximate attackers to bypass the lock screen. This can be achieved by hot swapping monitors, effectively exploiting the insufficient access control to certain functions. **Recommendations** For versions prior to 5.34, update to version 5.34 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** cbrPager versions prior to 0.9.17 **Description** The issue allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a ZIP (aka .cbz) or RAR (aka .cbr) archive filename. **Recommendations** For versions prior to 0.9.17, update to version 0.9.17 or later to resolve the issue. As a temporary workaround, consider avoiding the use of ZIP or RAR archive filenames that contain shell metacharacters until a patch is applied.