
Bug 707966 (CVE-2016-10894)

Summary: <x11-misc/xtrlock-2.12: screen lock input bypass through multitouch events
Product: Gentoo Security
Reporter: Jeroen Roovers (RETIRED) <jer>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: desktop-misc
Priority: Normal
Flags: stable-bot: sanity-check+
Version: unspecified
Hardware: All
OS: Linux
URL: https://security-tracker.debian.org/tracker/CVE-2016-10894
See Also: https://bugs.debian.org/830726
Whiteboard: B4 [noglsa]
Package list:
=x11-misc/xtrlock-2.12
Runtime testing required: ---

Description Jeroen Roovers (RETIRED) gentoo-dev 2020-02-02 20:23:47 UTC
"xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to (and thus control) various programs such as Chromium via events such as pan scrolling, "pinch and zoom" gestures, or even regular mouse clicks (by depressing the touchpad once and then clicking with a different finger)."
Comment 1 Larry the Git Cow gentoo-dev 2020-02-02 20:24:34 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1f5ab1a1689f38303308034fba0c1870b0ba1281

commit 1f5ab1a1689f38303308034fba0c1870b0ba1281
Author:     Jeroen Roovers <jer@gentoo.org>
AuthorDate: 2020-02-02 20:24:13 +0000
Commit:     Jeroen Roovers <jer@gentoo.org>
CommitDate: 2020-02-02 20:24:30 +0000

    x11-misc/xtrlock: Version 2.12
    
    Package-Manager: Portage-2.3.87, Repoman-2.3.20
    Bug: https://bugs.gentoo.org/707966
    Signed-off-by: Jeroen Roovers <jer@gentoo.org>

 x11-misc/xtrlock/Manifest            |  1 +
 x11-misc/xtrlock/xtrlock-2.12.ebuild | 35 +++++++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)
Comment 2 Agostino Sarubbo gentoo-dev 2020-02-03 12:30:46 UTC
ppc stable
Comment 3 Agostino Sarubbo gentoo-dev 2020-02-03 12:38:53 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2020-02-03 15:24:54 UTC
x86 stable.

Maintainer(s), please cleanup.
Comment 5 Larry the Git Cow gentoo-dev 2020-02-03 16:21:10 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ef92095a9f759add1f7cf823001b8cbd00c26b3

commit 0ef92095a9f759add1f7cf823001b8cbd00c26b3
Author:     Jeroen Roovers <jer@gentoo.org>
AuthorDate: 2020-02-03 16:20:40 +0000
Commit:     Jeroen Roovers <jer@gentoo.org>
CommitDate: 2020-02-03 16:21:06 +0000

    x11-misc/xtrlock: Old
    
    Package-Manager: Portage-2.3.87, Repoman-2.3.20
    Bug: https://bugs.gentoo.org/show_bug.cgi?id=707966
    Signed-off-by: Jeroen Roovers <jer@gentoo.org>

 x11-misc/xtrlock/Manifest           |  1 -
 x11-misc/xtrlock/xtrlock-2.8.ebuild | 35 -----------------------------------
 2 files changed, 36 deletions(-)
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-18 17:56:34 UTC
Tree is now clean.
Comment 7 Thomas Deutschmann (RETIRED) gentoo-dev 2020-03-25 19:13:37 UTC
GLSA Vote: No

Repository is clean, all done!