Bug#1024998: g810-led: Security risk: Leaves /dev/input/event* with read and write permissions for all users

2022-11-29 Thread Stephen Kitt
On Wed, 30 Nov 2022 06:59:41 +0100, Salvatore Bonaccorso wrote: > The issue got CVE-2022-46338 assigned by MITRE. > > Stephen, the issue is marked no-dsa for bullseye, but a fix might go > still trough the upcoming point release (scheduled for 17th december). Thanks, I’ll submit a stable

Bug#1024998: g810-led: Security risk: Leaves /dev/input/event* with read and write permissions for all users

2022-11-29 Thread Salvatore Bonaccorso
Control: retitle -1 g810-led: Security risk: Leaves /dev/input/event* with read and write permissions for all users (CVE-2022-46338) On Mon, Nov 28, 2022 at 03:45:16PM +0100, Xavi Drudis Ferran wrote: > Package: g810-led > Version: 0.4.2-2.1 > Severity: critical > Tags: patch upstream security >

Bug#1024998: g810-led: Security risk: Leaves /dev/input/event* with read and write permissions for all users

2022-11-28 Thread Stephen Kitt
Hi, On Mon, 28 Nov 2022 15:45:16 +0100, Xavi Drudis Ferran wrote: > I hesitate to file as critical, but I came across a bug report in > upstream that looked serious enough since it would allow all local > processes to eavesdrop on keyboard input, including passwords, etc. I > haven't tried an

Bug#1024998: g810-led: Security risk: Leaves /dev/input/event* with read and write permissions for all users

2022-11-28 Thread Xavi Drudis Ferran
Package: g810-led Version: 0.4.2-2.1 Severity: critical Tags: patch upstream security Justification: root security hole X-Debbugs-Cc: xdru...@tinet.cat, Debian Security Team Dear Maintainer, I hesitate to file as critical, but I came across a bug report in upstream that looked serious enough