From the NVD, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2713: The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression.
More information: https://bugzilla.gnome.org/show_bug.cgi?id=548272 https://bugzilla.redhat.com/show_bug.cgi?id=613110
The commit in URL was released in revisions >=0.25.90 and all revisions that would have been affected have left the tree on March, 27th thanks to nirbheek.
(In reply to comment #2) > The commit in URL was released in revisions >=0.25.90 and all revisions that > would have been affected have left the tree on March, 27th thanks to nirbheek. Great, thanks. Since 0.26.2 is already stable... GLSA request filed.
This issue was resolved and addressed in GLSA 201412-10 at http://security.gentoo.org/glsa/glsa-201412-10.xml by GLSA coordinator Sean Amoss (ackle).