Your submission was sent successfully! Close

CVE-2013-1940

Published: 17 April 2013

X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty.

Priority

Medium

Status

Package Release Status
xorg-server
Launchpad, Ubuntu, Debian
hardy Ignored
(reached end-of-life)
lucid
Released (2:1.7.6-2ubuntu7.12)
oneiric
Released (2:1.10.4-1ubuntu4.5)
precise
Released (2:1.11.4-0ubuntu10.13)
quantal
Released (2:1.13.0-0ubuntu6.2)
upstream
Released (1.13.4)
xorg-server-lts-quantal
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

oneiric Does not exist

precise
Released (2:1.13.0-0ubuntu6.1~precise3)
quantal Does not exist

upstream Needs triage