Window title, DECRQSS security
Bug #311983 reported by
Paul Szabo
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
xterm (Ubuntu) |
Fix Released
|
Medium
|
Kees Cook |
Bug Description
Please see
http://
for details (noting that Ubuntu is vulnerable to both DECRQSS
and to window title report).
Cheers,
Paul Szabo <email address hidden> http://
School of Mathematics and Statistics University of Sydney Australia
CVE References
Changed in xterm: | |
assignee: | nobody → kees |
importance: | Undecided → Medium |
status: | New → Fix Committed |
To post a comment you must log in.
This bug was fixed in the package xterm - 235-1ubuntu1.1
---------------
xterm (235-1ubuntu1.1) intrepid-security; urgency=low
* SECURITY UPDATE: command injection via dangerous terminal sequences
(CVE-2008-2383, LP: #311983).
- block DECRQSS, font shifting, X property changes, user-defined
keys. Thanks to Paul Szabo and Florian Weimer.
-- Kees Cook <email address hidden> Fri, 02 Jan 2009 11:28:08 -0800