Description: "A vulnerability has been discovered in xterm, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to xterm not properly processing the DECRQSS Device Control Request Status String escape sequence. This can be exploited to inject and execute arbitrary shell commands by e.g. tricking a user into displaying a malicious text file containing a specially crafted escape sequence via the "more" command in xterm." There is a thread in the Debian ML (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030) that contains a fix: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=misc.c.patch;att=1;bug=510030
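Added example, not part of the original report or of the xterm/Debian fix: a pre-display check that finds DECRQSS requests in untrusted text and rewrites them as visible characters before the file reaches a terminal. The byte layout (DCS introducer `ESC P` or 0x90, then `$q`, terminated by `ESC \` or 0x9c) is taken from the xterm control-sequence documentation rather than from this page; the function names and sample bytes are constructed for illustration.

```python
import re

# DECRQSS request: DCS introducer (7-bit "ESC P" or 8-bit C1 byte 0x90),
# the literal "$q", a request body, then the string terminator ST
# ("ESC \" or 0x9c). \Z also catches a request cut off at end of input.
# Note: in UTF-8 text 0x90 can be a continuation byte; requiring "$q"
# right after it keeps false positives rare but not impossible.
_DECRQSS = re.compile(rb"(?:\x1bP|\x90)\$q(.*?)(\x1b\\|\x9c|\Z)", re.DOTALL)


def find_decrqss(data: bytes):
    """Return (offset, body, terminated) for every DECRQSS request in data."""
    return [(m.start(), m.group(1), m.group(2) != b"")
            for m in _DECRQSS.finditer(data)]


def defang(data: bytes) -> bytes:
    """Rewrite each DECRQSS request as printable text (\\x1b instead of ESC),
    so a pager or terminal shows it instead of interpreting it."""
    def visible(m):
        # repr() gives b'...'; strip the b and the quotes, keep the escapes.
        return repr(m.group(0))[2:-1].encode("ascii")
    return _DECRQSS.sub(visible, data)


# Constructed samples. The request bodies are benign status queries
# ("m" = SGR, '"p' = DECSCL); no reply-injection content is included.
SAMPLE_7BIT = b"line one\n\x1bP$qm\x1b\\line two\n"
SAMPLE_8BIT = b"\x90$q\"p\x9ctail"
SAMPLE_CUT = b"abc\x1bP$qr"
SAMPLE_CLEAN = b"plain text, price $q5\n"

if __name__ == "__main__":
    samples = {"7bit": SAMPLE_7BIT, "8bit": SAMPLE_8BIT,
               "cut": SAMPLE_CUT, "clean": SAMPLE_CLEAN}
    for name, blob in samples.items():
        hits = find_decrqss(blob)
        status = "SUSPICIOUS" if hits else "ok"
        print(f"{name}: {status} {hits}")
        if hits:
            print("  defanged:", defang(blob))
```

A hit on a file that is supposed to be plain text is worth treating as hostile input on any host still running an xterm older than the fixed release named in this bug.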
Xterm 238 released: http://invisible-island.net/xterm/xterm.log.html#xterm_238 We need a version bump here to fix the bug.
239 is in the tree.
Arches, please test and mark stable: =x11-terms/xterm-239 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Stable for HPPA.
Sparc stable.
ppc64 done
alpha/arm/ia64/s390/sh/x86 stable
amd64 stable
ppc stable
GLSA request filed.
GLSA 200902-04