On Wed, 30 Nov 2022 06:59:41 +0100, Salvatore Bonaccorso
wrote:
> The issue got CVE-2022-46338 assigned by MITRE.
>
> Stephen, the issue is marked no-dsa for bullseye, but a fix might go
> still trough the upcoming point release (scheduled for 17th december).
Thanks, I’ll submit a stable
Control: retitle -1 g810-led: Security risk: Leaves /dev/input/event* with read
and write permissions for all users (CVE-2022-46338)
On Mon, Nov 28, 2022 at 03:45:16PM +0100, Xavi Drudis Ferran wrote:
> Package: g810-led
> Version: 0.4.2-2.1
> Severity: critical
> Tags: patch upstream security
>
Processing control commands:
> retitle -1 g810-led: Security risk: Leaves /dev/input/event* with read and
> write permissions for all users (CVE-2022-46338)
Bug #1024998 {Done: Stephen Kitt } [g810-led] g810-led:
Security risk: Leaves /dev/input/event* with read and write permissions for all
Hi,
On Mon, 28 Nov 2022 15:45:16 +0100, Xavi Drudis Ferran
wrote:
> I hesitate to file as critical, but I came across a bug report in
> upstream that looked serious enough since it would allow all local
> processes to eavesdrop on keyboard input, including passwords, etc. I
> haven't tried an
Package: g810-led
Version: 0.4.2-2.1
Severity: critical
Tags: patch upstream security
Justification: root security hole
X-Debbugs-Cc: xdru...@tinet.cat, Debian Security Team
Dear Maintainer,
I hesitate to file as critical, but I came across a bug report in
upstream that looked serious enough
5 matches
Mail list logo