2022 X.Org Foundation Election vote results

2022-04-19 Thread Lyude Paul
The Board of Directors election and the vote on the By-laws concluded at
23:59 UTC on 18 April 2022. There are 80 current Members of the X.Org
Foundation, and 52 Members cast votes. This is a 65.0% turn out.

In the election of the Directors to the Board of the X.Org Foundation,
the results were that Emma Anholt, Alyssa Rosenzweig, Mark Filion and
Ricardo Garcia were elected for two year terms.

The old full board is: Emma Anholt, Samuel Iglesias Gonsálvez, Mark
Filion, Manasi D Navare, Keith Packard, Lyude Paul, Daniel Vetter, Harry
Wentland

The new full board is: Emma Anholt, Samuel Iglesias Gonsálvez, Mark
Filion, Manasi D Navare, Alyssa Rosenzweig, Lyude Paul, Daniel Vetter,
and Ricardo Garcia

The full election results were as follows:

  Option            | Rank 1 | Rank 2 | Rank 3 | Rank 4 | Rank 5 | Rank 6 | Final Score
  Emma Anholt       |     21 |     16 |      4 |      1 |      5 |      5 | 240
  Alyssa Rosenzweig |      4 |     10 |     17 |      7 |     11 |      3 | 188
  Mark Filion       |      8 |     12 |      7 |     10 |      5 |     10 | 186
  Ricardo Garcia    |      9 |      4 |      5 |     17 |     10 |      7 | 172
  Lucas Stach       |      4 |      5 |     14 |      9 |     11 |      9 | 163
  Shashank Sharma   |      6 |      5 |      5 |      8 |     10 |     18 | 143

Lyude Paul, on behalf of the X.Org elections committee



[ANNOUNCE] libinput 1.19.4

2022-04-19 Thread Peter Hutterer
libinput 1.19.4 is now available.

This release includes a fix for CVE-2022-1215, a format string vulnerability
in the evdev device handling. For details, see 
https://gitlab.freedesktop.org/libinput/libinput/-/issues/752

Peter Hutterer (2):
  evdev: strip the device name of format directives
  libinput 1.19.4

git tag: 1.19.4

https://www.freedesktop.org/software/libinput/libinput-1.19.4.tar.xz
SHA256: ff33a570b5a936c81e6c08389a8581c2665311d026ce3d225c88d09c49f9b440  libinput-1.19.4.tar.xz
SHA512: 3a046a1719747c04f59d48608c438399631c25d0ed0643ca0370206bb67c6da2ea06978ea8cec0feff2bc61d63a9045519c961c5fd8fd46814b571468174  libinput-1.19.4.tar.xz
PGP:  https://www.freedesktop.org/software/libinput/libinput-1.19.4.tar.xz.sig





[ANNOUNCE] libinput 1.18.2

2022-04-19 Thread Peter Hutterer
libinput 1.18.2 is now available.

This release includes a fix for CVE-2022-1215, a format string vulnerability
in the evdev device handling. For details, see
https://gitlab.freedesktop.org/libinput/libinput/-/issues/752

Peter Hutterer (2):
  evdev: strip the device name of format directives
  libinput 1.18.2

git tag: 1.18.2

https://www.freedesktop.org/software/libinput/libinput-1.18.2.tar.xz
SHA256: be63f923b868c9287be2879c3df3129d8e8d36a8dec9b8ad1cf161eead82aea4  libinput-1.18.2.tar.xz
SHA512: 39e7fed19c31c54e85d1c778b31224449310372c04c1255ea47496b5365e750232b1586c0c6adb3033b8d524c8bbc210b5bb5ed0dcc4a78e82e65acbf4669b22  libinput-1.18.2.tar.xz
PGP:  https://www.freedesktop.org/software/libinput/libinput-1.18.2.tar.xz.sig





[ANNOUNCE] libinput 1.20.1

2022-04-19 Thread Peter Hutterer
libinput 1.20.1 is now available

One single patch only, for a format string vulnerability, assigned
CVE-2020-1215.
See https://gitlab.freedesktop.org/libinput/libinput/-/issues/752 for details.

When a device is detected by libinput, libinput logs several messages through
log handlers set up by the callers. These log handlers usually eventually
result in a printf call. Logging happens with the privileges of the caller, in
the case of Xorg this may be root.

The device name ends up as part of the format string and a kernel device with
printf-style format string placeholders in the device name can enable an
attacker to run malicious code. An exploit is possible through any device
where the attacker controls the device name, e.g. /dev/uinput or Bluetooth
devices.

Many thanks to Albin Eldstål-Ahrens and Benjamin Svensson from Assured AB for
their discovery and responsible reporting of this issue.

This issue was independently discovered by Lukas Lamster. Many thanks for their
discovery and responsible reporting.

The release is available via gitlab from 
https://gitlab.freedesktop.org/libinput/libinput/-/releases/1.20.1

--
Peter Hutterer (2):
  evdev: strip the device name of format directives
  libinput 1.20.1
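
The bug class described in the 1.20.1 announcement above, shown as an added example (not libinput's code and not part of the original message): a device name spliced into a printf-style format string is only safe once its format directives are neutralised. The function names, buffer sizes and the sample device name are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not libinput's code): copy a kernel-supplied device
 * name, replacing every '%' so the result is inert if it later becomes part
 * of a format string. Returns the number of characters replaced. */
static size_t sanitize_device_name(const char *name, char *out, size_t outlen)
{
    size_t replaced = 0, i = 0;
    if (outlen == 0)
        return 0;
    for (; name[i] != '\0' && i + 1 < outlen; i++) {
        out[i] = (name[i] == '%') ? '_' : name[i];
        replaced += (name[i] == '%');
    }
    out[i] = '\0';
    return replaced;
}

/* Stand-in for a caller's log handler that ends in a printf-family call. */
static int log_msg(char *buf, size_t len, const char *format, ...)
{
    va_list args;
    int n;
    va_start(args, format);
    n = vsnprintf(buf, len, format, args);
    va_end(args);
    return n;
}

/* The device name becomes a prefix of the format string. Without the
 * sanitize step, directives in the name would be interpreted by vsnprintf. */
static int log_device_added(char *buf, size_t len, const char *devname, const char *sysname)
{
    char clean[128], format[256];

    sanitize_device_name(devname, clean, sizeof(clean));
    snprintf(format, sizeof(format), "%s: device added as %%s", clean);
    return log_msg(buf, len, format, sysname);
}

int main(void)
{
    char buf[256];
    log_device_added(buf, sizeof(buf), "Test %s%x Mouse", "event5"); /* constructed name */
    puts(buf);
    return 0;
}
```

Passing untrusted strings only as arguments to a constant format (`"%s: ..."`) avoids the problem without any sanitising; the prefix pattern is kept here because it is the one the announcement describes.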

