Summary: | x11-terms/rxvt-unicode - ship hardening patch | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Jason A. Donenfeld <zx2c4> |
Component: | Current packages | Assignee: | Jeroen Roovers (RETIRED) <jer> |
Status: | RESOLVED UPSTREAM | ||
Severity: | normal | CC: | security |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://seclists.org/oss-sec/2017/q2/185 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: | rxvt-unicode-defense-in-depth-fix.patch |
This is not a security bug. (In reply to Jason A. Donenfeld from comment #0) > Created attachment 472374 [details, diff] [details, diff] > rxvt-unicode-defense-in-depth-fix.patch Jason, has upstream accepted the patch yet? > As discussed via personal email and on oss-sec, the attached patch should be > applied to the rxvt-unicode patch. Well, you asked me to apply the patch and I asked what upstream thinks of it. That's not a discussion. The last thing you said about it was: "rxvt-unicode isn't vulnerable, but the patch I sent you is worth applying as a defense-in-depth measure. I've sent it upstream and am awaiting their response." I am awaiting their response, too. No related commits yet, nothing on the mailing list (where did you send that e-mail to?), no updates in the Changes file. Okay, no problem. I'll poke upstream again and also add them to this bug report. |
Created attachment 472374 [details, diff] rxvt-unicode-defense-in-depth-fix.patch As discussed via personal email and on oss-sec, the attached patch should be applied to the rxvt-unicode patch.