Control: tags -1 + confirmed On Wed, 2022-11-30 at 08:32 +0100, Stephen Kitt wrote: > g810-led has a security issue in stable; it leaves /dev/input/eventXX > device nodes world-readable and writable (CVE-2022-46338). The issue > is marked no-dsa, but I would like to provide a fix in the next > point-release. The fix is already in unstable (0.4.2-3). > > The attached debdiff fixes the issue by patching the udev rules file: > the affected device nodes have their mode set to 660 instead of 666, > and uaccess is used to provide access to the user at the console. I > own relevant hardware and have verified the fix myself on a multi- > user > system. >
Please go ahead. Regards, Adam