Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 02 May 2017 03:50:35 +0000
From: Steve Kemp <steve@...ve.org.uk>
To: oss-security@...ts.openwall.com
Cc: 
Subject: Re: terminal emulators' processing of escape sequences


> Yves-Alexis Perez of Debian pointed out that whether these crashes occur
> or not may be related to the version of vte.  I'll leave it up to him to
> post a follow-up on that.

  The mention of vte reminded me of a security issue I reported a while 
 back in the evilvte emulator - shell execution via improper quotation
 handling in hyperlinks:

    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854585

  I didn't ask for a CVE ID because the process seems a bit more
 complicated these days, but perhaps topical.


Steve
-- 
https://steve.fi/

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ