Comment 12 for bug 1834113

Related changes are
    3 * SECURITY UPDATE: DoS via incorrect permissions check
    4 - debian/patches/CVE-2019-3886-1.patch: disallow virDomainGetHostname
    5 for read-only connections in src/libvirt-domain.c.
    6 - debian/patches/CVE-2019-3886-2.patch: enforce ACL write permission
    7 for getting guest time & hostname in src/remote/remote_protocol.x.
    8 - CVE-2019-3886
    9 * SECURITY UPDATE: privilege escalation via incorrect socket permissions
   10 - debian/patches/CVE-2019-10132-1.patch: reject clients unless their
   11 UID matches the current UID in src/admin/admin_server_dispatch.c.
   12 - debian/patches/CVE-2019-10132-2.patch: restrict sockets to mode 0600
   13 in src/locking/virtlockd-admin.socket.in,
   14 src/locking/virtlockd.socket.in.
   15 - debian/patches/CVE-2019-10132-3.patch: restrict sockets to mode 0600
   16 in src/logging/virtlogd-admin.socket.in,
   17 src/logging/virtlogd.socket.in.
   18 - CVE-2019-10132

None of these is important for mouse integration :-/
So it might be a red herring.