Bug#949113: buster-pu: package xtrlock/2.8+deb10u1
Control: tags -1 + confirmed
On Thu, 2020-01-16 at 23:57 +0000, Chris Lamb wrote:
> xtrlock (2.8+deb10u1) buster; urgency=high
>
> * CVE-2016-10894: Attempt to grab multitouch devices which are
> not
> intercepted via XGrabPointer.
>
> xtrlock did not block multitouch events so an attacker could
> still input
> and thus control various programs such as Chromium, etc. via
> so-called
> "multitouch" events such as pan scrolling, "pinch and zoom", or
> even being
> able to provide regular mouse clicks by depressing the touchpad
> once and
> then clicking with a secondary finger.
>
Please go ahead.
Regards,
Adam
Reply to: