
Bug 761214 (CVE-2020-35605)

Summary: <x11-terms/kitty-0.19.3: Command injection (CVE-2020-35605)
Product: Gentoo Security
Reporter: Sam James <sam>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: trivial
CC: pabloorduna98, proxy-maint
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://github.com/kovidgoyal/kitty/issues/3128
Whiteboard: ~2 [noglsa]
Package list:
Runtime testing required: ---

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-12-22 02:28:05 UTC
Description:
"The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message."
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-12-22 02:28:15 UTC
Fixed in 0.19.3. Please bump.
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-01-10 16:40:24 UTC
Ping.
Comment 3 Pablo Orduna 2021-01-10 21:36:19 UTC
Added pull request to bump kitty and kitty-terminfo packages to version 0.19.3

https://github.com/gentoo/gentoo/pull/19021
Comment 9 NATTkA bot gentoo-dev 2021-07-29 18:13:41 UTC
Package list is empty or all packages have requested keywords.
Comment 10 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-10-17 20:09:53 UTC
Patch is in all versions we have, all done!