[Git][security-tracker-team/security-tracker][master] Add CVE-2026-3509{3,4}/libinput

Wed, 01 Apr 2026 22:07:14 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
165de19e by Salvatore Bonaccorso at 2026-04-02T07:06:33+02:00
Add CVE-2026-3509{3,4}/libinput

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29,9 +29,21 @@ CVE-2026-3877 (A reflected cross-site scripting (XSS) 
vulnerability in the dashb
 CVE-2026-35099 (Lakeside SysTrack Agent 11 before 11.5.0.15 has a race 
condition with  ...)
        NOT-FOR-US: Lakeside SysTrack Agent
 CVE-2026-35094 (A flaw was found in libinput. An attacker capable of deploying 
a Lua p ...)
-       TODO: check
+       - libinput <unfixed>
+       [trixie] - libinput <not-affected> (Vulnerable code not present)
+       [bookworm] - libinput <not-affected> (Vulnerable code not present)
+       [bullseye] - libinput <not-affected> (Vulnerable code not present)
+       NOTE: https://gitlab.freedesktop.org/libinput/libinput/-/work_items/1272
+       NOTE: Fixed by: 
https://gitlab.freedesktop.org/libinput/libinput/-/commit/45506c7b3c8acbe36008975a2ae30d2c1eaf782f
 (1.31.1)
+       NOTE: Fixed by: 
https://gitlab.freedesktop.org/libinput/libinput/-/commit/af041ea9ed725482e831fa1f6e33cbeb98fcc54f
 (1.30.3)
 CVE-2026-35093 (A flaw was found in libinput. A local attacker who can place a 
special ...)
-       TODO: check
+       - libinput <unfixed>
+       [trixie] - libinput <not-affected> (Vulnerable code not present)
+       [bookworm] - libinput <not-affected> (Vulnerable code not present)
+       [bullseye] - libinput <not-affected> (Vulnerable code not present)
+       NOTE: https://gitlab.freedesktop.org/libinput/libinput/-/work_items/1271
+       NOTE: Fixed by: 
https://gitlab.freedesktop.org/libinput/libinput/-/commit/49f9a815170fe4178cca8dd3a3e591486aa508a3
 (1.31.1)
+       NOTE: Fixed by: 
https://gitlab.freedesktop.org/libinput/libinput/-/commit/7819c23eaf61b8501169b124baf984edcaf9e5ff
 (1.30.3)
 CVE-2026-35092 (A flaw was found in Corosync. An integer overflow 
vulnerability in Cor ...)
        TODO: check
 CVE-2026-35091 (A flaw was found in Corosync. A remote unauthenticated 
attacker can ex ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/165de19ecc5fc41efa5f91a73e7c00b886d861b6

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/165de19ecc5fc41efa5f91a73e7c00b886d861b6
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to