Bug 761214 (CVE-2020-35605) - x11-terms/kitty: Command injection (CVE-2020-35605)
Summary: x11-terms/kitty: Command injection (CVE-2020-35605)
Status: IN_PROGRESS
Alias: CVE-2020-35605
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: https://github.com/kovidgoyal/kitty/i...
Whiteboard: ~2 [ebuild+]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-12-22 02:28 UTC by Sam James
Modified: 2021-01-10 21:36 UTC

See Also:
Package list:
Runtime testing required: ---


Description Sam James archtester gentoo-dev Security 2020-12-22 02:28:05 UTC
Description:
"The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message."
Comment 1 Sam James archtester gentoo-dev Security 2020-12-22 02:28:15 UTC
Fixed in 0.19.3. Please bump.
Comment 2 Sam James archtester gentoo-dev Security 2021-01-10 16:40:24 UTC
Ping.
Comment 3 Pablo Orduna 2021-01-10 21:36:19 UTC
Added pull request to bump kitty and kitty-terminfo packages to version 0.19.3

https://github.com/gentoo/gentoo/pull/19021