Bug#: 219754
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Matt Fleming (RETIRED) <mjf@gentoo.org>

Filename Description Type Creator Created Size Actions
multi-aterm backtrace text/plain Christian Faulhammer 2008-05-03 15:24 0000 4.89 KB Details

Description:   Opened: 2008-04-29 19:35 0000
multi-aterm-0.2.1 is vulnerable to the same X11 Display issue as rxvt,

"The security issue is caused due to the program using ":0" as its X11 display
if the DISPLAY environment variable is missing. This can be exploited to
execute arbitrary commands with the privileges of the user running rxvt via a
malicious X server."

rxvt bug #217819
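
The fallback the advisory describes, next to a stricter lookup, as an added C example that is not part of this report and is not taken from the multi-aterm or rxvt sources. The function names are hypothetical, and the patch actually committed for this bug is not shown on this page.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* for setenv()/unsetenv() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Flawed pattern from the advisory: a missing DISPLAY silently becomes ":0",
 * so the program talks to whichever X server owns local display 0, which
 * need not belong to the user who started the terminal. */
const char *display_with_fallback(const char *cli_display)
{
    const char *d = cli_display ? cli_display : getenv("DISPLAY");
    return d ? d : ":0";
}

/* Stricter pattern: accept an explicit display argument or DISPLAY, and
 * return NULL when neither names a display, so the caller must abort
 * instead of guessing. Empty strings count as "not set". */
const char *display_strict(const char *cli_display)
{
    const char *d = cli_display;
    if (d == NULL || *d == '\0')
        d = getenv("DISPLAY");
    if (d == NULL || *d == '\0')
        return NULL;
    return d;
}

int main(void)
{
    /* Constructed condition: the process starts without DISPLAY set. */
    unsetenv("DISPLAY");
    printf("fallback lookup: %s\n", display_with_fallback(NULL));

    const char *d = display_strict(NULL);
    if (d == NULL) {
        fprintf(stderr, "no X11 display specified; refusing to guess\n");
        return 1;
    }
    printf("strict lookup: %s\n", d);
    return 0;
}
```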

------- Comment #1 From Matt Fleming (RETIRED) 2008-04-29 19:37:05 0000 -------
Whiteboard and cc.

------- Comment #2 From Tobias Heinlein 2008-05-03 12:37:25 0000 -------
Patch committed.

Arches, please test and mark stable:
=x11-terms/multi-aterm-0.2.1-r1
Target keywords : "alpha amd64 hppa ppc release sparc x86"

------- Comment #3 From Tobias Heinlein 2008-05-03 12:37:57 0000 -------
actually adding arches..

------- Comment #4 From Christian Faulhammer 2008-05-03 15:24:49 0000 -------
Created an attachment (id=151703) [details]
backtrace

Crashes with the following recipe:

 * Create some terminals with the button
 * Delete them but one
 * Create a new -> crash

But no regression, so I mark stable anyway

------- Comment #5 From Christian Faulhammer 2008-05-03 15:25:12 0000 -------
Portage 2.1.4.4 (default-linux/x86/2007.0/desktop, gcc-4.1.2, glibc-2.6.1-r0,
2.6.24-gentoo-r4 i686)
=================================================================
System uname: 2.6.24-gentoo-r4 i686 AMD Athlon(tm) X2 Dual Core Processor
BE-2400
Timestamp of tree: Sat, 03 May 2008 13:30:01 +0000
app-shells/bash:     3.2_p17-r1
dev-java/java-config: 1.3.7, 2.1.4
dev-lang/python:     2.4.4-r9
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.11.1
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.1
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.26
virtual/os-headers:  2.6.23-r3
ACCEPT_KEYWORDS="x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /opt/openfire/resources/security/ /opt/openjms/config
/usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown
/usr/share/config /var/lib/hsqldb /var/vpopmail/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf
/etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/
/etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/splash /etc/terminfo
/etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-O2"
DISTDIR="/usr/portage/distfiles"
FEATURES="ccache distlocks metadata-transfer parallel-fetch sandbox sfperms
strict unmerge-orphans userfetch userpriv"
GENTOO_MIRRORS="ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo/"
LANG="de_DE.utf8"
LC_ALL="de_DE.utf8"
LINGUAS="de"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --stats --timeout=180 --exclude=/distfiles
--exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/layman/sunrise"
SYNC="rsync://rsync.informatik.rwth-aachen.de/gentoo-portage"
USE="3dnow 3dnowext X a52 acl acpi aiglx alsa apache2 apm applet artworkextra
asf audiofile avahi bash-completion beagle berkdb bidi bogofilter bootsplash
branding bzip2 cairo ccache cdda cddb cdparanoia cdr cli console cracklib crypt
css cups curl custom-cflags dbus dga directfb divx4linux dri dts dvd dvdr
dvdread dvi eds emacs emboss encode esd evince evo exif fam fat fbcon fdftk
ffmpeg firefox flac foomaticdb fortran ftp gb gcj gdbm gif glitz gnome gpm gsf
gstreamer gtk gtk2 gtkhtml hal howl iconv icq idn imagemagick imap imlib
immqt-bc isdnlog java javascript jpeg jpeg2k kde ldap libnotify lirc lm_sensors
mad maildir matroska mbox midi mikmod mime mmx mmxext mng mono mp3 mpeg mpeg2
mudflap mule mysql nautilus ncurses nforce2 nls nocardbus nptl nptlonly
nsplugin nvidia objc objc++ objc-gc offensive ogg opengl openmp pam pango pcre
pdf perl php plotutils pmu png ppds pppd prediction preview-latex print python
qt3 qt3support qt4 quicktime readline reflection samba sdk session slang spell
spl sse ssl svg svga t1lib tcl tcpd tetex theora threads thumbnailing tiff tk
toolkit-scroll-bars totem tracker truetype truetype-fonts type1-fonts udev
unicode usb userlocales vcd videos vorbis win32codecs wmf wxwindows x86 xface
xft xine xml xorg xosd xpm xv xvid zlib" ALSA_CARDS="intel8x0"
ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file
hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route
share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias
authn_anon authn_dbm authn_default authn_file authz_dbm authz_default
authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs
dav_lock deflate dir disk_cache env expires ext_filter file_cache filter
headers include info log_config logio mem_cache mime mime_magic negotiation
rewrite setenvif speling status unique_id userdir usertrack vhost_alias"
CAMERAS="canon ptp2" ELIBC="glibc" INPUT_DEVICES="mouse keyboard"
KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001
mtxorb ncurses text" LINGUAS="de" LIRC_DEVICES="atiusb" USERLAND="GNU"
VIDEO_CARDS="vesa fbdev fglrx"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS,
PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

------- Comment #6 From Christian Faulhammer 2008-05-03 15:44:13 0000 -------
x86 stable

------- Comment #7 From Raúl Porcel 2008-05-04 09:50:02 0000 -------
alpha/sparc stable

------- Comment #8 From Markus Meier 2008-05-04 13:36:10 0000 -------
amd64 stable

------- Comment #9 From Jeroen Roovers 2008-05-05 02:07:21 0000 -------
Stable for HPPA.

------- Comment #10 From Tobias Scherbaum 2008-05-06 17:45:13 0000 -------
ppc stable

------- Comment #11 From Peter Volkov 2008-05-07 07:05:13 0000 -------
Fixed in release snapshot.

------- Comment #12 From Tobias Heinlein 2008-05-07 18:59:43 0000 -------
GLSA 200805-03
