Summary: | <x11-terms/xterm-366: Crash on crafted string (CVE-2021-27135) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | johu, luke |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.openwall.com/lists/oss-security/2021/02/09/7 | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=769770 | ||
Whiteboard: | B3 [glsa+] | ||
Package list: | | Runtime testing required: | --- |
Description
Sam James
2021-02-10 02:36:53 UTC
Fixed in 366.

"correct a compiler-warning fix in patch #352 which allowed sign-extension of coordinate values (report by "CismonX").
correct upper-limit for selection buffer, accounting for combining characters (report/testcase by Tavis Ormandy).
with alwaysHighlight true, xterm does not properly track focus. The screen->select FOCUS flag remains always on, which prevents bellIsUrgent from working, as the urgent WM_HINT flag is only set in setXUrgency() when the window is not focused. Fix this by updating screen->select in unselectwindow() regardless of the value of always_highlight (patch by Jiri Bohac).
improve fix for interaction between SRM and ENQ (report by Grant Taylor).
build-fix for --with-Xaw3dxft, needed when --with-toolbar is omitted (report by Jimmy Olgeni, Emanuel Haupt)."

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bc66fb100f851ddfcbf963930b65d42a63e3e17f

commit bc66fb100f851ddfcbf963930b65d42a63e3e17f
Author: Sam James <sam@gentoo.org>
AuthorDate: 2021-02-11 05:56:46 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2021-02-11 05:56:46 +0000

    x11-terms/xterm: (security) bump to 366

    Bug: https://bugs.gentoo.org/769839
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: Sam James <sam@gentoo.org>

 x11-terms/xterm/Manifest | 1 +
 x11-terms/xterm/xterm-366.ebuild | 99 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 100 insertions(+)

x86 done

sparc done

ppc64 done

amd64 done

ppc done

arm64 done

arm done

all arches done

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=26c410b52baebe770ba3074977ffa01b4047a319

commit 26c410b52baebe770ba3074977ffa01b4047a319
Author: Sam James <sam@gentoo.org>
AuthorDate: 2021-04-25 19:49:06 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2021-04-25 20:07:37 +0000

    x11-terms/xterm: drop 351, 363, 365 (security cleanup)

    Bug: https://bugs.gentoo.org/769839
    Signed-off-by: Sam James <sam@gentoo.org>

 x11-terms/xterm/Manifest | 3 --
 x11-terms/xterm/xterm-351.ebuild | 99 ----------------------------------------
 x11-terms/xterm/xterm-363.ebuild | 99 ----------------------------------------
 x11-terms/xterm/xterm-365.ebuild | 99 ----------------------------------------
 4 files changed, 300 deletions(-)

Package list is empty or all packages have requested keywords.

Package list is empty or all packages have requested keywords.

Package list is empty or all packages have requested keywords.

Package list is empty or all packages have requested keywords.

Package list is empty or all packages have requested keywords.

Package list is empty or all packages have requested keywords.

Request filed

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=60298a368732a5fdf5e926ec4c59811f482e73b5

commit 60298a368732a5fdf5e926ec4c59811f482e73b5
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-14 00:10:06 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-08-14 00:11:46 +0000

    [ GLSA 202208-22 ] xterm: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/769839
    Bug: https://bugs.gentoo.org/832409
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202208-22.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

GLSA released, all done!