Hi Antoine, > Thanks for fixing this and pushing it! Is the final fix also supposed to > address the case of an attacker plugging in a new USB multitouch device?
Alas not; I received no input from upstream after repeated pings so I pushed ahead. > If the latter -- should this be pointed out as a known limitation or > vulnerability of the package? Indeed. I did write that here: https://salsa.debian.org/debian/xtrlock/commit/0254c8652b415263bebadbe1413e71b9ec12e741.diff ... but I would concede that is not very visible. I think I was subconciously hoping that a deeper fix will be forthcoming. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org 🍥 chris-lamb.co.uk `-
