Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <addC9yTFAPYQnzpi@eldamar.lan>
Date: Thu, 9 Apr 2026 08:11:03 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Cc: adrelanos@...nix.org, arraybolt3@...il.com
Subject: Re: systemd-journald in systemd 259 does not escape
 characters in emerg messages that are wall'd to other user's terminals

Hi Aaron,

On Tue, Apr 07, 2026 at 08:09:06PM -0400, Aaron Rainbolt wrote:
[...]
> I discovered this while doing work for the Kicksecure and Whonix
> projects. This bug was reported privately to upstream on December 23,
> 2025. As per Kicksecure's Vulnerability Disclosure Policy [1], we're
> disclosing it publicly on April 7, 2026, 90 days + a 14-day grace
> period later. An upstream bug report can be seen at [2].

JFYI, the reference to the issue: It currently say: "This issue has been
deleted.". Is the issue reference correct, was it really deleted or is
there a typo?

Regards,
Salvatore

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.