Similar to the screen bug (linked) but hits xterm too. Upstream have acknowledged and will patch tomorrow.
Fixed in 366. "correct a compiler-warning fix in patch #352 which allowed sign-extension of coordinate values (report by "CismonX"). correct upper-limit for selection buffer, accounting for combining characters (report/testcase by Tavis Ormandy). with alwaysHighlight true, xterm does not properly track focus. The screen->select FOCUS flag remains always on, which prevents bellIsUrgent from working, as the urgent WM_HINT flag is only set in setXUrgency() when the window is not focused. Fix this by updating screen->select in unselectwindow() regardless of the value of always_highlight (patch by Jiri Bohac). improve fix for interaction between SRM and ENQ (report by Grant Taylor). build-fix for --with-Xaw3dxft, needed when --with-toolbar is omitted (report by Jimmy Olgeni, Emanuel Haupt)."
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bc66fb100f851ddfcbf963930b65d42a63e3e17f commit bc66fb100f851ddfcbf963930b65d42a63e3e17f Author: Sam James <sam@gentoo.org> AuthorDate: 2021-02-11 05:56:46 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-02-11 05:56:46 +0000 x11-terms/xterm: (security) bump to 366 Bug: https://bugs.gentoo.org/769839 Package-Manager: Portage-3.0.14, Repoman-3.0.2 Signed-off-by: Sam James <sam@gentoo.org> x11-terms/xterm/Manifest | 1 + x11-terms/xterm/xterm-366.ebuild | 99 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 100 insertions(+)
x86 done
sparc done
ppc64 done
amd64 done
ppc done
arm64 done
arm done all arches done
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=26c410b52baebe770ba3074977ffa01b4047a319 commit 26c410b52baebe770ba3074977ffa01b4047a319 Author: Sam James <sam@gentoo.org> AuthorDate: 2021-04-25 19:49:06 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-04-25 20:07:37 +0000 x11-terms/xterm: drop 351, 363, 365 (security cleanup) Bug: https://bugs.gentoo.org/769839 Signed-off-by: Sam James <sam@gentoo.org> x11-terms/xterm/Manifest | 3 -- x11-terms/xterm/xterm-351.ebuild | 99 ---------------------------------------- x11-terms/xterm/xterm-363.ebuild | 99 ---------------------------------------- x11-terms/xterm/xterm-365.ebuild | 99 ---------------------------------------- 4 files changed, 300 deletions(-)
Package list is empty or all packages have requested keywords.
Request filed
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=60298a368732a5fdf5e926ec4c59811f482e73b5 commit 60298a368732a5fdf5e926ec4c59811f482e73b5 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-08-14 00:10:06 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-08-14 00:11:46 +0000 [ GLSA 202208-22 ] xterm: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/769839 Bug: https://bugs.gentoo.org/832409 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202208-22.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+)
GLSA released, all done!