libinput - Debian Package Tracker

general

source: libinput (main)
version: 1.31.0-1
maintainer: Debian X Strike Force (archive) (DMD)
uploaders: Emilio Pozuelo Monfort [DMD] – Héctor Orón Martínez [DMD] – Marius Gripsgard [DMD]
arch: any
std-ver: 4.6.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.16.4-3
oldstable: 1.22.1-1
stable: 1.28.1-1
testing: 1.31.0-1
unstable: 1.31.0-1

versioned links

1.16.4-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.22.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.28.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.31.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libinput-bin (4 bugs: 0, 2, 2, 0)
libinput-dev
libinput-tools (2 bugs: 0, 1, 1, 0)
libinput10 (24 bugs: 0, 21, 3, 0)
libinput10-udeb

action needed

A new upstream version is available: 1.31.1 high

A new upstream version 1.31.1 is available, you should consider packaging it.

Created: 2026-04-03 Last update: 2026-04-06 19:01

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2026-35093: A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such as a graphical compositor. This could lead to the attacker monitoring keyboard input and sending that information to an external location.
CVE-2026-35094: A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system logs. This could potentially expose sensitive data if the memory location is re-used, leading to information disclosure. For this exploit to work, Lua plugins must be enabled in libinput and loaded by the compositor.

Created: 2026-04-02 Last update: 2026-04-02 21:30

2 security issues in forky high

There are 2 open security issues in forky.

2 important issues:

CVE-2026-35093: A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such as a graphical compositor. This could lead to the attacker monitoring keyboard input and sending that information to an external location.
CVE-2026-35094: A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system logs. This could potentially expose sensitive data if the memory location is re-used, leading to information disclosure. For this exploit to work, Lua plugins must be enabled in libinput and loaded by the compositor.

Created: 2026-04-02 Last update: 2026-04-02 21:30

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2026-04-06 Last update: 2026-04-06 19:00

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1.31.1-1, distribution unstable) and new commits in its VCS. You should consider whether it's time to make an upload.

Created: 2026-04-02 Last update: 2026-04-02 20:32

lintian reports 6 warnings normal

Lintian reports 6 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2026-01-16 Last update: 2026-01-16 06:01

debian/patches: 1 patch to forward upstream low

Among the 1 debian patch available in version 1.31.0-1 of the package, we noticed the following issues:

1 patch where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-12-17 Last update: 2026-02-18 21:09

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.6.2).

Created: 2024-04-07 Last update: 2026-03-31 15:01

news

[rss feed]

[2026-02-21] libinput 1.31.0-1 MIGRATED to testing (Debian testing watch)
[2026-02-18] Accepted libinput 1.31.0-1 (source) into unstable (Timo Aaltonen)
[2026-02-04] libinput 1.30.1-1 MIGRATED to testing (Debian testing watch)
[2026-02-02] Accepted libinput 1.30.1-1 (source) into unstable (Timo Aaltonen)
[2025-11-29] libinput 1.30.0-1 MIGRATED to testing (Debian testing watch)
[2025-11-25] Accepted libinput 1.30.0-1 (source) into unstable (Timo Aaltonen)
[2025-04-06] libinput 1.28.1-1 MIGRATED to testing (Debian testing watch)
[2025-04-03] Accepted libinput 1.28.1-1 (source) into unstable (Timo Aaltonen)
[2025-04-03] Accepted libinput 1.28.0-1 (source) into unstable (Timo Aaltonen)
[2025-02-15] libinput 1.27.1-1 MIGRATED to testing (Debian testing watch)
[2025-02-13] Accepted libinput 1.27.1-1 (source) into unstable (Timo Aaltonen)
[2024-10-01] libinput 1.26.2-1 MIGRATED to testing (Debian testing watch)
[2024-09-28] Accepted libinput 1.26.2-1 (source) into unstable (Timo Aaltonen)
[2024-06-13] libinput 1.26.0-1 MIGRATED to testing (Debian testing watch)
[2024-06-11] Accepted libinput 1.26.0-1 (source) into unstable (Timo Aaltonen)
[2024-02-11] libinput 1.25.0-1 MIGRATED to testing (Debian testing watch)
[2024-02-05] Accepted libinput 1.25.0-1 (source) into unstable (Timo Aaltonen)
[2023-12-28] libinput 1.23.0-2.1 MIGRATED to testing (Debian testing watch)
[2023-12-17] Accepted libinput 1.23.0-2.1 (source) into unstable (Vagrant Cascadian)
[2023-06-20] libinput 1.23.0-2 MIGRATED to testing (Debian testing watch)
[2023-06-14] Accepted libinput 1.23.0-2 (source) into unstable (Marius Gripsgard)
[2023-05-31] Accepted libinput 1.23.0-1 (source) into experimental (Marius Gripsgard)
[2023-01-30] libinput 1.22.1-1 MIGRATED to testing (Debian testing watch)
[2023-01-27] Accepted libinput 1.22.1-1 (source) into unstable (Marius Gripsgard)
[2022-11-24] libinput 1.22.0-1 MIGRATED to testing (Debian testing watch)
[2022-11-22] Accepted libinput 1.22.0-1 (source) into unstable (Timo Aaltonen)
[2022-06-25] libinput 1.21.0-1 MIGRATED to testing (Debian testing watch)
[2022-06-22] Accepted libinput 1.21.0-1 (source) into unstable (Héctor Orón Martínez) (signed by: Hector Oron Martinez)
[2022-04-22] libinput 1.20.1-1 MIGRATED to testing (Debian testing watch)
[2022-04-20] Accepted libinput 1.20.1-1 (source) into unstable (Timo Aaltonen)

bugs [bug history graph]

all: 35 36
RC: 1
I&N: 28 29
M&W: 6
F&P: 0
patch: 1

links

homepage
lintian (0, 6)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.31.0-1ubuntu0.1
32 bugs
patches for 1.31.0-1ubuntu0.1