Control: tags -1 + confirmed On Thu, 2020-01-16 at 23:57 +0000, Chris Lamb wrote: > xtrlock (2.8+deb9u1) stretch; urgency=high > > * CVE-2016-10894: Attempt to grab multitouch devices which are > not > intercepted via XGrabPointer. > > xtrlock did not block multitouch events so an attacker could > still input > and thus control various programs such as Chromium, etc. via > so-called > "multitouch" events such as pan scrolling, "pinch and zoom", or > even being > able to provide regular mouse clicks by depressing the touchpad > once and > then clicking with a secondary finger. >
Please go ahead. Regards, Adam