Summary: | <app-misc/screen-4.8.0-r2: Crash when processing certain characters (CVE-2021-26937) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | luke, shell-tools, swegener |
Priority: | Normal | Flags: | nattka: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.openwall.com/lists/oss-security/2021/02/09/3 | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=769839 | ||
Whiteboard: | B3 [glsa+ cve] | ||
Package list: | app-misc/screen-4.8.0-r2 | ||
Runtime testing required: | --- |
Description
Sam James
2021-02-09 16:13:30 UTC
(In reply to Hanno Böck from comment #1)
> Possible patch:
> https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00010.html

dalias from musl wasn't happy with this, keeping an eye on it:

[20:24:19] <dalias> ok https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00010.html is the right patch to apply
[20:24:34] <dalias> please update fix with that, since the current patch in alpine just *breaks* multilingual use of screen

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3673b1b7cfa56d2e8f5ebc4de3d028774f331c52

commit 3673b1b7cfa56d2e8f5ebc4de3d028774f331c52
Author: Sven Wegener <swegener@gentoo.org>
AuthorDate: 2021-02-24 19:21:31 +0000
Commit: Sven Wegener <swegener@gentoo.org>
CommitDate: 2021-02-24 19:25:15 +0000

app-misc/screen: Revision bump, security bug #769770

Bug: https://bugs.gentoo.org/769770
Package-Manager: Portage-3.0.13, Repoman-3.0.2
Signed-off-by: Sven Wegener <swegener@gentoo.org>

app-misc/screen/files/screen-CVE-2021-26937.patch | 61 +++++++++
app-misc/screen/screen-4.8.0-r2.ebuild | 159 ++++++++++++++++++++++
2 files changed, 220 insertions(+)

thanks, tell us when ready to stable

(In reply to Sam James from comment #4)
> thanks, tell us when ready to stable

shall we?

Yep, it is ready for stabilization.

(In reply to Sven Wegener from comment #6)
> Yep, it is ready for stabilization.

Thanks, let's roll!

amd64 stable

x86 stable

hppa/sparc stable

arm done

ppc done

ppc64 done

arm64 done

s390 stable. Maintainer(s), please cleanup. Security, please vote.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8c6196d6e44e6fce001b39bd2db418a44678c63b

commit 8c6196d6e44e6fce001b39bd2db418a44678c63b
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-05-25 21:04:24 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-05-25 21:04:30 +0000

app-misc/screen: security cleanup

Bug: https://bugs.gentoo.org/769770
Package-Manager: Portage-3.0.18, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

app-misc/screen/screen-4.8.0-r1.ebuild | 158 ---------------------------------
1 file changed, 158 deletions(-)

New GLSA request filed.

This issue was resolved and addressed in GLSA 202105-11 at https://security.gentoo.org/glsa/202105-11 by GLSA coordinator Thomas Deutschmann (whissi).