Bug#949113: buster-pu: package xtrlock/2.8+deb10u1

To: Chris Lamb <lamby@debian.org>, 949113@bugs.debian.org
Subject: Bug#949113: buster-pu: package xtrlock/2.8+deb10u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Thu, 05 Mar 2020 19:21:58 +0000
Message-id: <[🔎] c6489acc5c47b09aeba7b7489b6424ae7ecee7b2.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 949113@bugs.debian.org
In-reply-to: <87a995aa-c2a0-4698-bc2e-8c9b017fb495@sloti26t01>
References: <87a995aa-c2a0-4698-bc2e-8c9b017fb495@sloti26t01> <87a995aa-c2a0-4698-bc2e-8c9b017fb495@sloti26t01>

Control: tags -1 + confirmed

On Thu, 2020-01-16 at 23:57 +0000, Chris Lamb wrote:
>   xtrlock (2.8+deb10u1) buster; urgency=high
>   
>     * CVE-2016-10894: Attempt to grab multitouch devices which are
> not
>       intercepted via XGrabPointer.
>   
>       xtrlock did not block multitouch events so an attacker could
> still input
>       and thus control various programs such as Chromium, etc. via
> so-called
>       "multitouch" events such as pan scrolling, "pinch and zoom", or
> even being
>       able to provide regular mouse clicks by depressing the touchpad
> once and
>       then clicking with a secondary finger.
> 

Please go ahead.

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#949113: buster-pu: package xtrlock/2.8+deb10u1
  - From: "Chris Lamb" <lamby@debian.org>

Prev by Date: Processed: Re: Bug#949112: stretch-pu: package xtrlock/2.8+deb9u1
Next by Date: Processed: Re: Bug#949113: buster-pu: package xtrlock/2.8+deb10u1
Previous by thread: Bug#949112: stretch-pu: package xtrlock/2.8+deb9u1
Next by thread: Processed: Re: Bug#949113: buster-pu: package xtrlock/2.8+deb10u1
Index(es):
- Date
- Thread