Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 761214 (CVE-2020-35605) - <x11-terms/kitty-0.19.3: Command injection (CVE-2020-35605)
Summary: <x11-terms/kitty-0.19.3: Command injection (CVE-2020-35605)
Alias: CVE-2020-35605
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
Whiteboard: ~2 [noglsa]
Depends on:
Reported: 2020-12-22 02:28 UTC by Sam James
Modified: 2021-10-17 20:09 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-12-22 02:28:05 UTC
"The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message."
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-12-22 02:28:15 UTC
Fixed in 0.19.3. Please bump.
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-01-10 16:40:24 UTC
Comment 3 Pablo Orduna 2021-01-10 21:36:19 UTC
Added pull request to bump kitty and kitty-terminfo packages to version 0.19.3
Comment 4 NATTkA bot gentoo-dev 2021-07-29 17:24:54 UTC Comment hidden (obsolete)
Comment 5 NATTkA bot gentoo-dev 2021-07-29 17:33:26 UTC Comment hidden (obsolete)
Comment 6 NATTkA bot gentoo-dev 2021-07-29 17:41:18 UTC Comment hidden (obsolete)
Comment 7 NATTkA bot gentoo-dev 2021-07-29 17:49:27 UTC Comment hidden (obsolete)
Comment 8 NATTkA bot gentoo-dev 2021-07-29 18:05:22 UTC Comment hidden (obsolete)
Comment 9 NATTkA bot gentoo-dev 2021-07-29 18:13:41 UTC
Package list is empty or all packages have requested keywords.
Comment 10 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-10-17 20:09:53 UTC
Patch is in all versions we have, all done!