[Git][security-tracker-team/security-tracker][master] Add CVE-2026-3509{3,4}/libinput

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Apr 2 06:07:03 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
165de19e by Salvatore Bonaccorso at 2026-04-02T07:06:33+02:00
Add CVE-2026-3509{3,4}/libinput

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29,9 +29,21 @@ CVE-2026-3877 (A reflected cross-site scripting (XSS) vulnerability in the dashb
 CVE-2026-35099 (Lakeside SysTrack Agent 11 before 11.5.0.15 has a race condition with  ...)
 	NOT-FOR-US: Lakeside SysTrack Agent
 CVE-2026-35094 (A flaw was found in libinput. An attacker capable of deploying a Lua p ...)
-	TODO: check
+	- libinput <unfixed>
+	[trixie] - libinput <not-affected> (Vulnerable code not present)
+	[bookworm] - libinput <not-affected> (Vulnerable code not present)
+	[bullseye] - libinput <not-affected> (Vulnerable code not present)
+	NOTE: https://gitlab.freedesktop.org/libinput/libinput/-/work_items/1272
+	NOTE: Fixed by: https://gitlab.freedesktop.org/libinput/libinput/-/commit/45506c7b3c8acbe36008975a2ae30d2c1eaf782f (1.31.1)
+	NOTE: Fixed by: https://gitlab.freedesktop.org/libinput/libinput/-/commit/af041ea9ed725482e831fa1f6e33cbeb98fcc54f (1.30.3)
 CVE-2026-35093 (A flaw was found in libinput. A local attacker who can place a special ...)
-	TODO: check
+	- libinput <unfixed>
+	[trixie] - libinput <not-affected> (Vulnerable code not present)
+	[bookworm] - libinput <not-affected> (Vulnerable code not present)
+	[bullseye] - libinput <not-affected> (Vulnerable code not present)
+	NOTE: https://gitlab.freedesktop.org/libinput/libinput/-/work_items/1271
+	NOTE: Fixed by: https://gitlab.freedesktop.org/libinput/libinput/-/commit/49f9a815170fe4178cca8dd3a3e591486aa508a3 (1.31.1)
+	NOTE: Fixed by: https://gitlab.freedesktop.org/libinput/libinput/-/commit/7819c23eaf61b8501169b124baf984edcaf9e5ff (1.30.3)
 CVE-2026-35092 (A flaw was found in Corosync. An integer overflow vulnerability in Cor ...)
 	TODO: check
 CVE-2026-35091 (A flaw was found in Corosync. A remote unauthenticated attacker can ex ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/165de19ecc5fc41efa5f91a73e7c00b886d861b6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/165de19ecc5fc41efa5f91a73e7c00b886d861b6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260402/6f820a3a/attachment.htm>

More information about the debian-security-tracker-commits mailing list