Bug#977238: qimgv: middle-click triggers a ButtonRelease event in the underneath window; should not quit on ButtonPress
Control: forwarded -1 https://github.com/easymodo/qimgv/issues/154
On 2020/12/13 12:19 AM (UTC+0100), Vincent Lefevre wrote:
> Package: qimgv
> Version: 0.9.1-2
> Severity: important
> Tags: security
>
> When I click with the middle button (button 2), this quits qimgv and
> triggers a ButtonRelease event in the underneath window, thus
> affecting an unrelated application. A major consequence is that some
> applications (such as xterm and rxvt) see this ButtonRelease event as
> a click, and since this is a middle-click, if the window is accepting
> input at this mouse position, this unexpectedly pastes data. For a
> terminal like xterm or rxvt, this can be harmful, depending on what
> is running and on what is pasted (this could be private data).
>
> In no way an application should affect other applications like that.
>
> The cause is that qimgv quits at the ButtonPress event instead of the
> ButtonRelease event.
>
> -- System Information:
> Debian Release: bullseye/sid
> APT prefers unstable-debug
> APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 5.9.0-4-amd64 (SMP w/8 CPU threads)
> Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
> Locale: LANG=POSIX, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
>
> Versions of packages qimgv depends on:
> ii libc6 2.31-5
> ii libexiv2-27 0.27.3-3
> ii libgcc-s1 10.2.1-1
> ii libmpv1 0.32.0-2+b1
> ii libopencv-core4.2 4.2.0+dfsg-6+b6
> ii libopencv-imgproc4.2 4.2.0+dfsg-6+b6
> ii libqt5core5a 5.15.2+dfsg-2
> ii libqt5gui5 5.15.2+dfsg-2
> ii libqt5widgets5 5.15.2+dfsg-2
> ii libstdc++6 10.2.1-1
>
> qimgv recommends no packages.
>
> qimgv suggests no packages.
>
> -- no debconf information
>
This appears to have been reported upstream at:
https://github.com/easymodo/qimgv/issues/154
Philip Chung
Reply to: