[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted xtrlock 2.6+deb8u1 (source amd64) into oldoldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 14 Oct 2019 13:42:38 -0700
Source: xtrlock
Binary: xtrlock
Architecture: source amd64
Version: 2.6+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Matthew Vernon <matthew@debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 xtrlock    - Minimal X display lock program
Closes: 830726
Changes:
 xtrlock (2.6+deb8u1) jessie-security; urgency=high
 .
   * CVE-2016-10894: Attempt to grab multitouch devices which are not
     intercepted via XGrabPointer.
 .
     xtrlock did not block multitouch events so an attacker could still input
     and thus control various programs such as Chromium, etc. via so-called
     "multitouch" events such as pan scrolling, "pinch and zoom", or even being
     able to provide regular mouse clicks by depressing the touchpad once and
     then clicking with a secondary finger.
 .
     This fix does not the situation where Eve plugs in a multitouch device
     *after* the screen has been locked. For more information on this angle,
     please see <https://bugs.debian.org/830726#115>. (Closes: #830726)
Checksums-Sha1:
 b348c7eb7aa675dfe25e78218c84348b4dbc0ce9 1457 xtrlock_2.6+deb8u1.dsc
 e5eb954d6f5d3d978f30c95a0f7746aa64aab5b7 22034 xtrlock_2.6+deb8u1.tar.gz
 9b375f6436fc03eb6b6ea35e55706508b39d6bc8 9850 xtrlock_2.6+deb8u1_amd64.deb
Checksums-Sha256:
 3fab5c71f41d9f99a1592f7425e292a8b8f639e75b04722b608b1ab3d7fd0361 1457 xtrlock_2.6+deb8u1.dsc
 d524d614a5aaa5bd717a07943e8e45bfda2956ca0d3563b87558d229bd282498 22034 xtrlock_2.6+deb8u1.tar.gz
 0edaa6cea0dfd6e9065bcb5a7f45b12928a9a6ce1ad3432b4fe2c81dbc90d979 9850 xtrlock_2.6+deb8u1_amd64.deb
Files:
 5025992c8dfbdc59f7899c70378d9ce8 1457 x11 optional xtrlock_2.6+deb8u1.dsc
 ea584c44e38651e735ed4fd9c912b2ef 22034 x11 optional xtrlock_2.6+deb8u1.tar.gz
 d8e3860ac1565fa8d680b820af10e3b7 9850 x11 optional xtrlock_2.6+deb8u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl2k3z4ACgkQHpU+J9Qx
HliaBA/+PIU8Asiw+taOxe/DFH4RAN5Tp9vFZYBV8NSIaY0jheksix9D/AONj/51
OvZ6FecehZFtP39/CusWH3hGYliGQ/hiyt8gGta1nN+M9LjsV99aInlj5rSJ+NqR
aLjWqrJTlrGMekKQylhDG9lMYerkvAkdoQcBNd4AWL4x2zujYv/j5qxV58DNSWYG
BpNhH2lSTiITuLQ7O2dkzRVjrwmWk7fXlMo8e2Z7i0I2Rs4T426EmToj+VaxCadB
98aQSnDaF0Y/On9IDD4ZoijJ2boftqTI//nZ10mDq/XYkCMM12Pp9l3RwpDxnv9/
8FNthhim+SHaiY7DqJM8Hy0TdkIB/YkmgcAu3rxZej5lNsJ9K1M5dnhBbWjQwnSu
m/Z5gA+JG3qmgRq2/eghxwleqCLFnHAvgOw/QfA7w0KO6S1hLQNdbwljr6MOqdq6
ZEcITpiz7RvleKAm1eKtk1c87Klq1OslFmAF3AU+AaSRWImRr590y5Pg3zU2Eu/w
VVzVdDEiY+Fys6akf3xeT5/Q9FidO6N1L0YmQIPvcbaF7JvLlGKKza+zIVNa5x5I
9LF3pQgd/GpfRwQ1GHRxl6sNKAivjWtqnPkhVeB50fs8ChxGKhhCi8r0ahVNRq8q
xXie+hMFcJqurstIdCia3238VR4io3XEoQlq0UthINfdDf8yW/Q=
=nYfT
-----END PGP SIGNATURE-----


Reply to: