-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 16 Jan 2020 16:00:52 +0000 Source: xtrlock Architecture: source Version: 2.8+deb10u1 Distribution: buster Urgency: high Maintainer: Matthew Vernon <matthew@debian.org> Changed-By: Chris Lamb <lamby@debian.org> Closes: 830726 Changes: xtrlock (2.8+deb10u1) buster; urgency=high . * CVE-2016-10894: Attempt to grab multitouch devices which are not intercepted via XGrabPointer. . xtrlock did not block multitouch events so an attacker could still input and thus control various programs such as Chromium, etc. via so-called "multitouch" events such as pan scrolling, "pinch and zoom", or even being able to provide regular mouse clicks by depressing the touchpad once and then clicking with a secondary finger. . This fix does not the situation where Eve plugs in a multitouch device *after* the screen has been locked. For more information on this angle, please see <https://bugs.debian.org/830726#115>. (Closes: #830726) Checksums-Sha1: f950ec30c91399896229718af98d97887e404aca 1461 xtrlock_2.8+deb10u1.dsc a83b0156c4d792af244aea0ae9ff89a735c5f247 21907 xtrlock_2.8+deb10u1.tar.gz 5a0fed0546a8189a3f9f2c1cb382f0cc3de7a19a 5076 xtrlock_2.8+deb10u1_amd64.buildinfo Checksums-Sha256: afcd1196e84993cf13bd82c06c946010f6bb80169a69922bb121b2720cfc8aff 1461 xtrlock_2.8+deb10u1.dsc 0aa7025c298d9590ac39270c159d460d327fcab0c71045f257905221e8b2f535 21907 xtrlock_2.8+deb10u1.tar.gz b471cd73c2e9bbd2bc868fdc2a52bf8782ab3b98d679012c550cb320de2878d2 5076 xtrlock_2.8+deb10u1_amd64.buildinfo Files: 3274cf204947ca02b47dc102d4455154 1461 x11 optional xtrlock_2.8+deb10u1.dsc 4516ca210599526c63d382367d53a93b 21907 x11 optional xtrlock_2.8+deb10u1.tar.gz b6f9d6e2d975cf1b15fa4759e2e57890 5076 x11 optional xtrlock_2.8+deb10u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl5hVAsACgkQHpU+J9Qx HlgI1hAAg5LlkKCvwuWw327rtSvhSzW82odVi2OfK90PvzP2v1D6/yGTYGz0VXaf 0X1u83UcP31MX4sib8FnoxjFkI4jtSzEouyDF7MXxsYWCFLlqp2VbcLbjYtDEI12 lz+MpYah5Itle7dI+rHjKAvJlttC2B5DtPrf8PlLP31ePv5UabOWU+m/uJX/ua9j mw3jbX+ZPdG9UwCUW9sIWP4+SqdWnbBCWHxbDutrgjrZlNSVSY8dDkPTlvYfp7wq TxbtTnAWGtadI8fdbmeeShpKux7Nsh6ucQHgw+/JT8msrDiItUA2L/Rr3dVK3H1y W6t9moyxhMgGqdatrkeg66/hXBvFDbJoPEwj9swi9Tnb1IHtTzYjBRZK/Hxs+Gnn HjSOePfZjSjSPR7hl/LkP/53Kq0yg1VlcN5DejgrfYGODZnaYVamcyrJxo2YPLn0 STQTYKCiL6hXJWQolbkuFoOWk/btqJDouyohluIWCMpSe4jW3/Y4Mq6oL4VE+GhB SJySq4+0+pbc5u3wQbBh4fXr2SVUshvtq1jk97yuHGorsl6SPCq6Vp3/EGF8RERM 7gjarms7Ko8jIbms7xu8lg8S4RSzdzPBI8fZazQ6GDe6+bT1vnY7WB5Doau4SMT+ yw5X+txBETQjtHOkbJLRSIHA4spSawXOJzQa8+hsTvfaIS9eg/s= =mcjU -----END PGP SIGNATURE-----
