Change logs for xtrlock source package in Buster

xtrlock (2.8+deb10u1) buster; urgency=high

  * CVE-2016-10894: Attempt to grab multitouch devices which are not
    intercepted via XGrabPointer.

    xtrlock did not block multitouch events so an attacker could still input
    and thus control various programs such as Chromium, etc. via so-called
    "multitouch" events such as pan scrolling, "pinch and zoom", or even being
    able to provide regular mouse clicks by depressing the touchpad once and
    then clicking with a secondary finger.

    This fix does not the situation where Eve plugs in a multitouch device
    *after* the screen has been locked. For more information on this angle,
    please see <https://bugs.debian.org/830726#115>. (Closes: #830726)

 -- Chris Lamb <email address hidden>  Thu, 16 Jan 2020 16:00:52 +0000

xtrlock (2.8) unstable; urgency=low

  * patch from Simon Tatham to add a -f option [fork, and return success
    from parent once lock acquired] (Closes: #823685)

 -- Matthew Vernon <email address hidden>  Sat, 21 May 2016 19:08:12 +0100