libinput 1.30.4 is now available. This release contains a fix for todays security advisory: https://lore.freedesktop.org/wayland-devel/aiDRA35Gggyi5mTY@quokka/T/#u
libinput-device-group now sanitizes the PHYS value which prevents local
privilege escalation through udev property injection. As said in the advisory
this is only a security issue if you have a udev rule in place that allows
users to create uinput devices.
As usual, the git shortlog is below:
Peter Hutterer (3):
util: sanitize control characters in str_sanitize()
libinput-device-group: sanitize phys before printing it
libinput 1.30.4
signature.asc
Description: PGP signature
