Date: Mon, 31 Aug 2015 22:50:11 -0700 From: Michal Zalewski <lcamtuf@...edump.cx> To: oss-security <oss-security@...ts.openwall.com>, Hanno Böck <hanno@...eck.de> Subject: Re: Terminal escape sequences - the new XSS for admins? > I definitely think it deserves a closer look. Here are three recent > finds that kcwu reported after apparently testing GNU screen with > afl-fuzz: > > https://savannah.gnu.org/bugs/?45713 > https://savannah.gnu.org/bugs/?45715 > https://savannah.gnu.org/bugs/?45714 Ditto for tmux: https://github.com/tmux/tmux/issues/92 /mz
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ