FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xtrlock -- xtrlock does not block multitouch events

Affected packages
xtrlock < 2.12

Details

VuXML ID e80073d7-f8ba-11eb-b141-589cfc007716
Discovery 2016-07-10
Entry 2021-08-09

Debian reports:

xtrlock did not block multitouch events so an attacker could still input and thus control various programs such as Chromium, etc. via so-called "multitouch" events including pan scrolling, "pinch and zoom" or even being able to provide regular mouse clicks by depressing the touchpad once and then clicking with a secondary finger.

References

CVE Name CVE-2016-10894
URL https://lists.debian.org/debian-lts-announce/2019/10/msg00019.html