-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 14 Oct 2019 13:42:38 -0700 Source: xtrlock Binary: xtrlock Architecture: source amd64 Version: 2.6+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Matthew Vernon <matthew@debian.org> Changed-By: Chris Lamb <lamby@debian.org> Description: xtrlock - Minimal X display lock program Closes: 830726 Changes: xtrlock (2.6+deb8u1) jessie-security; urgency=high . * CVE-2016-10894: Attempt to grab multitouch devices which are not intercepted via XGrabPointer. . xtrlock did not block multitouch events so an attacker could still input and thus control various programs such as Chromium, etc. via so-called "multitouch" events such as pan scrolling, "pinch and zoom", or even being able to provide regular mouse clicks by depressing the touchpad once and then clicking with a secondary finger. . This fix does not the situation where Eve plugs in a multitouch device *after* the screen has been locked. For more information on this angle, please see <https://bugs.debian.org/830726#115>. (Closes: #830726) Checksums-Sha1: b348c7eb7aa675dfe25e78218c84348b4dbc0ce9 1457 xtrlock_2.6+deb8u1.dsc e5eb954d6f5d3d978f30c95a0f7746aa64aab5b7 22034 xtrlock_2.6+deb8u1.tar.gz 9b375f6436fc03eb6b6ea35e55706508b39d6bc8 9850 xtrlock_2.6+deb8u1_amd64.deb Checksums-Sha256: 3fab5c71f41d9f99a1592f7425e292a8b8f639e75b04722b608b1ab3d7fd0361 1457 xtrlock_2.6+deb8u1.dsc d524d614a5aaa5bd717a07943e8e45bfda2956ca0d3563b87558d229bd282498 22034 xtrlock_2.6+deb8u1.tar.gz 0edaa6cea0dfd6e9065bcb5a7f45b12928a9a6ce1ad3432b4fe2c81dbc90d979 9850 xtrlock_2.6+deb8u1_amd64.deb Files: 5025992c8dfbdc59f7899c70378d9ce8 1457 x11 optional xtrlock_2.6+deb8u1.dsc ea584c44e38651e735ed4fd9c912b2ef 22034 x11 optional xtrlock_2.6+deb8u1.tar.gz d8e3860ac1565fa8d680b820af10e3b7 9850 x11 optional xtrlock_2.6+deb8u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl2k3z4ACgkQHpU+J9Qx HliaBA/+PIU8Asiw+taOxe/DFH4RAN5Tp9vFZYBV8NSIaY0jheksix9D/AONj/51 OvZ6FecehZFtP39/CusWH3hGYliGQ/hiyt8gGta1nN+M9LjsV99aInlj5rSJ+NqR aLjWqrJTlrGMekKQylhDG9lMYerkvAkdoQcBNd4AWL4x2zujYv/j5qxV58DNSWYG BpNhH2lSTiITuLQ7O2dkzRVjrwmWk7fXlMo8e2Z7i0I2Rs4T426EmToj+VaxCadB 98aQSnDaF0Y/On9IDD4ZoijJ2boftqTI//nZ10mDq/XYkCMM12Pp9l3RwpDxnv9/ 8FNthhim+SHaiY7DqJM8Hy0TdkIB/YkmgcAu3rxZej5lNsJ9K1M5dnhBbWjQwnSu m/Z5gA+JG3qmgRq2/eghxwleqCLFnHAvgOw/QfA7w0KO6S1hLQNdbwljr6MOqdq6 ZEcITpiz7RvleKAm1eKtk1c87Klq1OslFmAF3AU+AaSRWImRr590y5Pg3zU2Eu/w VVzVdDEiY+Fys6akf3xeT5/Q9FidO6N1L0YmQIPvcbaF7JvLlGKKza+zIVNa5x5I 9LF3pQgd/GpfRwQ1GHRxl6sNKAivjWtqnPkhVeB50fs8ChxGKhhCi8r0ahVNRq8q xXie+hMFcJqurstIdCia3238VR4io3XEoQlq0UthINfdDf8yW/Q= =nYfT -----END PGP SIGNATURE-----
