CVE-2023-43090

Name	CVE-2023-43090
Description	A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-5501-1
Debian Bugs	1052067

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
gnome-shell (PTS)	jessie	3.14.4-1~deb8u1	vulnerable
	stretch (security), stretch (lts), stretch	3.22.3-3+deb9u1	fixed
	buster	3.30.2-11~deb10u2	fixed
	bullseye	3.38.6-1~deb11u1	fixed
	bookworm	43.9-0+deb12u1	fixed
	bookworm (security)	43.6-1~deb12u2	fixed
	trixie, sid	44.9-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
gnome-shell	source	jessie	(unfixed)	end-of-life
gnome-shell	source	stretch	(not affected)
gnome-shell	source	buster	(not affected)
gnome-shell	source	bullseye	(not affected)
gnome-shell	source	bookworm	43.6-1~deb12u2		DSA-5501-1
gnome-shell	source	(unstable)	44.5-1			1052067

Notes

[bullseye] - gnome-shell <not-affected> (Vulnerable code introduced in 42.beta)
[buster] - gnome-shell <not-affected> (Vulnerable code introduced in 42.beta)
https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6990
https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2944
Fixed by: https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/521525948eed85cc27c0796a0b9569d161df81ba
Fixed by: https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/671df28a509ae208e158976f0855d91fdbea16a1
Introduced around: https://gitlab.gnome.org/GNOME/gnome-shell/-/8ebc478f0f24720870c4911aef707f4dc34d140c
[stretch] - gnome-shell <not-affected> (Vulnerable code introduced in 42.beta)