From https://lists.x.org/archives/xorg-announce/2022-April/003159.html:

"When a device is detected by libinput, libinput logs several messages through log handlers set up by the callers. These log handlers usually eventually result in a printf call. Logging happens with the privileges of the caller, in the case of Xorg this may be root. The device name ends up as part of the format string and a kernel device with printf-style format string placeholders in the device name can enable an attacker to run malicious code. An exploit is possible through any device where the attacker controls the device name, e.g. /dev/uinput or Bluetooth devices.

...

libinput releases that include these patches are:
- 1.20.1
- 1.19.4
- 1.18.2

Releases of versions 1.17.x and earlier are not planned at this stage."

Please stabilize 1.20.1.
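The pattern the advisory describes, in C as an added example (not libinput's or Xorg's code): a caller-installed log handler that ends in a printf-family call, the fixed `"%s"` form of the device announcement, a format attribute so that `-Wformat-security` rejects the unsafe shape where the device name itself becomes the format, and a check that flags device names carrying conversions; the device name used is a constructed sample.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for a caller-installed log handler ending in a printf-family call:
 * whatever arrives as `fmt` is interpreted as a format. Renders into buf. */
static int log_handler(char *buf, size_t len, const char *fmt, va_list ap)
{
    return vsnprintf(buf, len, fmt, ap);
}

/* Library-side front end. The format attribute lets gcc/clang (-Wformat
 * -Wformat-security) flag the bug's shape: log_msg(buf, len, devname). */
__attribute__((format(printf, 3, 4)))
static int log_msg(char *buf, size_t len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = log_handler(buf, len, fmt, ap);
    va_end(ap);
    return n;
}

/* Fixed pattern: the device name is an argument to a fixed "%s" format, so any
 * '%' in the name is copied literally. Returns the line length, or -1 on error. */
static int announce_device(char *buf, size_t len, const char *devname)
{
    return log_msg(buf, len, "libinput: new device '%s'", devname);
}

/* Defensive check for audit logging: does a device name carry a printf
 * conversion? "%%" is a literal percent sign and does not count. */
static int name_has_conversion(const char *devname)
{
    const char *p = devname;
    while ((p = strchr(p, '%')) != NULL) {
        if (p[1] != '%')
            return 1;
        p += 2;
    }
    return 0;
}

int main(void)
{
    const char *name = "Evil Keyboard %s %x";   /* constructed sample name */
    char line[128];
    announce_device(line, sizeof line, name);
    printf("%s (suspicious=%d)\n", line, name_has_conversion(name));
    return 0;
}
```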
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8e3ed499c382741bbff2a46df74a3d565ab121e9

commit 8e3ed499c382741bbff2a46df74a3d565ab121e9
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2022-05-13 12:25:28 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2022-05-13 12:27:33 +0000

    x11-drivers/xf86-input-libinput: Drop old versions

    Bug: https://bugs.gentoo.org/839729
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 x11-drivers/xf86-input-libinput/Manifest |  1 -
 .../xf86-input-libinput-1.2.0.ebuild     | 21 ---------------------
 2 files changed, 22 deletions(-)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a318cfd447c8724701237708a8be762cf181ecce

commit a318cfd447c8724701237708a8be762cf181ecce
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2022-05-13 12:48:45 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2022-05-13 12:49:21 +0000

    dev-libs/libinput: Drop old versions

    Bug: https://bugs.gentoo.org/839729
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 dev-libs/libinput/Manifest               |  2 -
 dev-libs/libinput/libinput-1.19.3.ebuild | 88 --------------------------------
 dev-libs/libinput/libinput-1.20.0.ebuild | 88 --------------------------------
 3 files changed, 178 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=47e2c41644645c7b013f9b278b76495d319552c6

commit 47e2c41644645c7b013f9b278b76495d319552c6
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2022-05-13 12:47:56 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2022-05-13 12:49:16 +0000

    Revert "x11-drivers/xf86-input-libinput: Drop old versions"

    This reverts commit 8e3ed499c382741bbff2a46df74a3d565ab121e9.

    Bug: https://bugs.gentoo.org/839729
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 x11-drivers/xf86-input-libinput/Manifest |  1 +
 .../xf86-input-libinput-1.2.0.ebuild     | 21 +++++++++++++++++++++
 2 files changed, 22 insertions(+)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=721002da538cc028bed2e2ba3c68e2545d323a75

commit 721002da538cc028bed2e2ba3c68e2545d323a75
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-10-26 04:38:40 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-10-26 04:39:34 +0000

    [ GLSA 202310-14 ] libinput: format string vulnerability when using xf86-input-libinput

    Bug: https://bugs.gentoo.org/839729
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202310-14.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)