Date: Mon, 17 May 2021 22:50:20 +0300 From: Dan Yefihmov <dan@...htwave.net.ru> To: oss-security@...ts.openwall.com Subject: Re: rxvt terminal (+bash) remoteish code execution 0day On May 17, 2021 10:28:10 PM GMT+03:00, Jakub Wilk <jwilk@...lk.net> wrote: >* def <def@...meet.info>, 2021-05-17, 17:33: >>The bug is not technically a 0day for rxvt-unicode and has been known >>at least since 2017-05-01 when it was discussed publicly in >>oss-security: >> >> https://www.openwall.com/lists/oss-security/2017/05/01/20 >> >>The issue was quietly fixed in rxvt-unicode upstream in 2017. > >Or was it 2019? > >http://cvs.schmorp.de/rxvt-unicode/src/command.C?view=log#rev1.585 > No, that was in fact 2017: http://cvs.schmorp.de/rxvt-unicode/src/command.C?view=log#rev1.583 The commit you mentioned just eradicates the faulty code to protect unwise and careless users. Sincerely Yours, Dan.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.