This is an announcement of a security bug I noticed while using xscreensaver, and of the release that fixes it:

Steps to reproduce

  1. Have pam_panic in your pam.d file for xscreensaver, using the password function.
  2. Trigger the keyboard/mouse to let pam_panic prompt for its password.
  3. Wait for xscreensaver to pass the timeout.
  4. xscreensaver crashes and you can use the computer without authentication.

Expected

  1. xscreensaver should blank out and keep the screen locked.

Fix

Fixed in #47.

What to do

Clone the updated git repo and reinstall pam_panic.