From https://marc.info/?l=oss-security&m=164356795205932&w=2: "howdy! in the hopes of further distributing my computing into your terminal emulators, i this morning learned that i can control writes to memory from XTerm's context via the method of crafted sixel. en garde, i'll let you try my wu-tang style. this was discovered while working on Notcurses bug #2573: https://github.com/dankamongmen/notcurses/issues/2573 an error of mine own led to emission of a corrupted sixel [0], and spectacular gyrations from XTerm: [...] This requires that XTerm was built with Sixel support, and that the XTerm configuration interprets Sixels."
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7eb0cef3bd3a37c45312df02c1ba696709c8e2eb commit 7eb0cef3bd3a37c45312df02c1ba696709c8e2eb Author: Sam James <sam@gentoo.org> AuthorDate: 2022-02-26 03:34:58 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-02-26 03:43:28 +0000 x11-terms/xterm: add 371 Bug: https://bugs.gentoo.org/832409 Signed-off-by: Sam James <sam@gentoo.org> x11-terms/xterm/Manifest | 1 + x11-terms/xterm/xterm-371.ebuild | 98 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 99 insertions(+)
Please cleanup
Request filed
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=60298a368732a5fdf5e926ec4c59811f482e73b5 commit 60298a368732a5fdf5e926ec4c59811f482e73b5 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-08-14 00:10:06 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-08-14 00:11:46 +0000 [ GLSA 202208-22 ] xterm: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/769839 Bug: https://bugs.gentoo.org/832409 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202208-22.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+)
GLSA released, all done!