Date: Tue, 02 May 2017 03:50:35 +0000 From: Steve Kemp <steve@...ve.org.uk> To: oss-security@...ts.openwall.com Cc: Subject: Re: terminal emulators' processing of escape sequences > Yves-Alexis Perez of Debian pointed out that whether these crashes occur > or not may be related to the version of vte. I'll leave it up to him to > post a follow-up on that. The mention of vte reminded me of a security issue I reported a while back in the evilvte emulator - shell execution via improper quotation handling in hyperlinks: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854585 I didn't ask for a CVE ID because the process seems a bit more complicated these days, but perhaps topical. Steve -- https://steve.fi/
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ