"xorg-server-1.13.4 and xorg-server-1.14.1 have been released with the fixes for this issue. No additional stable releases are planned at this point, users relying on 1.12 or earlier servers will have to apply the patch themselves."
(In reply to comment #1)
> Fixed in:
Which version do we need to stabilize?
Arches, please stabilize the versions mentioned in comment 1.
Stable for HPPA.
Vulnerable versions have been removed from the tree.
X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly
restrict access to input events when adding a new hot-plug device, which
might allow physically proximate attackers to obtain sensitive information,
as demonstrated by reading passwords from a tty.
Thanks, everyone. Added to existing GLSA draft.
This issue was resolved and addressed in
GLSA 201405-07 at http://security.gentoo.org/glsa/glsa-201405-07.xml
by GLSA coordinator Mikle Kolyada (Zlogene).