Ray Strode

**Name of the Vulnerable Software and Affected Versions** Clutter versions prior to 1.16.2 **Description** The issue concerns the gesture handling code, allowing physically proximate attackers to bypass the lock screen via certain mouse or touch gestures. **Recommendations** For versions prior to 1.16.2, update to version 1.16.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** XWayland versions 1.16.x through 1.17.1 **Description** The issue concerns the authentication setup in XWayland, which starts the server in non-authenticating mode. This allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket. **Recommendations** For XWayland versions 1.16.x through 1.17.1, update to version 1.17.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** gnome-screensaver versions 2.28.x through 2.28.2 **Description** The issue allows physically proximate attackers to bypass screen locking and access an unattended workstation by connecting and disconnecting monitors multiple times, due to improper synchronization of the state of screen locking and the unlock dialog in situations involving a change to the number of monitors. **Recommendations** For gnome-screensaver versions 2.28.x through 2.28.2, update to version 2.28.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** gnome-screensaver versions prior to 2.28.2 **Description** The issue allows physically proximate attackers to bypass screen locking and access an unattended workstation. This can be achieved by moving the mouse position to an external monitor and then disconnecting that monitor. **Recommendations** For versions prior to 2.28.2, update to version 2.28.2 or later to resolve the issue.