"xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to (and thus control) various programs such as Chromium via events such as pan scrolling, "pinch and zoom" gestures, or even regular mouse clicks (by depressing the touchpad once and then clicking with a different finger)."
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1f5ab1a1689f38303308034fba0c1870b0ba1281 commit 1f5ab1a1689f38303308034fba0c1870b0ba1281 Author: Jeroen Roovers <jer@gentoo.org> AuthorDate: 2020-02-02 20:24:13 +0000 Commit: Jeroen Roovers <jer@gentoo.org> CommitDate: 2020-02-02 20:24:30 +0000 x11-misc/xtrlock: Version 2.12 Package-Manager: Portage-2.3.87, Repoman-2.3.20 Bug: https://bugs.gentoo.org/707966 Signed-off-by: Jeroen Roovers <jer@gentoo.org> x11-misc/xtrlock/Manifest | 1 + x11-misc/xtrlock/xtrlock-2.12.ebuild | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+)
ppc stable
amd64 stable
x86 stable. Maintainer(s), please cleanup.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ef92095a9f759add1f7cf823001b8cbd00c26b3 commit 0ef92095a9f759add1f7cf823001b8cbd00c26b3 Author: Jeroen Roovers <jer@gentoo.org> AuthorDate: 2020-02-03 16:20:40 +0000 Commit: Jeroen Roovers <jer@gentoo.org> CommitDate: 2020-02-03 16:21:06 +0000 x11-misc/xtrlock: Old Package-Manager: Portage-2.3.87, Repoman-2.3.20 Bug: https://bugs.gentoo.org/show_bug.cgi?id=707966 Signed-off-by: Jeroen Roovers <jer@gentoo.org> x11-misc/xtrlock/Manifest | 1 - x11-misc/xtrlock/xtrlock-2.8.ebuild | 35 ----------------------------------- 2 files changed, 36 deletions(-)
Tree is now clean.
GLSA Vote: No Repository is clean, all done!