Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 611290

Summary: <=x11-terms/evilvte-0.5.1: Allows executing (unexpected) commands via mouse-clicks
Product: Gentoo Security Reporter: Harri Nieminen (Moiman) <moiman>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: desktop-misc, mgorny, treecleaner
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/caleb-/evilvte/issues/38
See Also: https://bugs.debian.org/854585
Whiteboard: C2 [glsa]
Package list:
Runtime testing required: ---

Description Harri Nieminen (Moiman) 2017-03-01 07:31:05 UTC 
See debian bug report for more information:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854585

Upstream bug report:
https://github.com/caleb-/evilvte/issues/38

I would Suggest sending last rites to this package. No upstream activity since 31 Mar 2014.
Also has two open bugs for it 601350 and 587040 .

Reproducible: Always
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2017-03-01 08:25:51 UTC 
MATCH_STRING_HTTP is disabled by default and can only be enabled through USE=savedconfig and relevant edits to src/config.h.
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2017-03-01 22:55:49 UTC 
@ Maintainer(s): CC'ing tree cleaners because nothing depend on the package and to follow Debian. If you want to keep this package in repository please tell us how you want to handle the reported problem.
Comment 3 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2017-08-14 08:04:00 UTC 
commit f9817ef6dd0b8152546951ebceb237b0fdeaad78
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: Mon Aug 14 10:00:03 2017
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: Mon Aug 14 10:02:55 2017

    x11-terms/evilvte: Remove last-rited pkg, #601350

 profiles/package.mask                       |  6 ---
 x11-terms/evilvte/Manifest                  |  2 -
 x11-terms/evilvte/evilvte-0.5.1.ebuild      | 43 ---------------------
 x11-terms/evilvte/evilvte-0.5.2_pre1.ebuild | 58 -----------------------------
 x11-terms/evilvte/metadata.xml              |  8 ----
 5 files changed, 117 deletions(-)
Comment 4 Aaron Bauman (RETIRED) gentoo-dev 2017-08-14 23:35:21 UTC 
Removal GLSA request open.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2017-08-21 01:20:22 UTC 
This issue was resolved and addressed in
 GLSA 201708-07 at https://security.gentoo.org/glsa/201708-07
by GLSA coordinator Thomas Deutschmann (whissi).